This topic has been archived. It cannot be replied.
-
工作学习 / IT技术讨论 / Hi,jabber,Please help me.I want to pass and store some parameters using session.getValue and sessionId between different jsp pages but I don't know where these values are stored, in Memory or hd in Webserver(resin+apache)?...you know, I want these values secure and invisible.
-catchfire(catchfire);
2001-1-30
{51}
(#23314@0)
-
Don't worry for security here.The implementation of Session is vendor specific. Of course, it needs to comply the interface specified in the servlet API. It is in the Memory.
But it can be serilaized to the hard disk. Because you Never, Never, Never transmit the session to the Internet, it seems to me there is no security problem.
By the way, pls use session.setAttrbute(), session.getAttribute(), session.removeAttribute(). session.getValue has been deprecated.
Good luck.
-jabber(jabber);
2001-1-30
{461}
(#23331@0)
-
Thanks a lot for your help! But I want to know if the administrator of the Web server can get the values about the session serialized to HD?...the project which I'm involved in is about stock transaction online, you know, it's important for us to make data secure,such as customer ID, and password.
-catchfire(catchfire);
2001-1-30
{159}
(#23415@0)
-
You should trust System Adminstrator and Web MasterNot all the servers serialize the session to the hard drive. For instance,
IBM websphere Commerce Suite intensively employ the back-end DB2 database and its session is relatively simple. It seems to me we cannot
prevent System Adminstors from doing something.
By the way, customer ID and password should be saved to DB.
-jabber(jabber);
2001-1-31
{329}
(#23495@0)