AppletTalk.com Java discussions newsgroups
Guest
|
Posted: Mon Apr 23, 2007 8:18 pm Post subject: how to login into a website automatically in a java applica |
|
|
There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
 |
Wojtek Guest
|
Posted: Mon Apr 23, 2007 8:58 pm Post subject: Re: how to login into a website automatically in a java app |
|
|
zhouqiang94 (AT) gmail (DOT) com wrote :
| Quote: | There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
|
Use a cookie. The user still has to log in the first time, but then
set a cookie.
When they visit again, check for the cookie (and its validity), and log
them in.
Note though that this is highly insecure and not recommended practice.
--
Wojtek  |
 |
Lew Guest
|
Posted: Tue Apr 24, 2007 4:45 am Post subject: Re: how to login into a website automatically in a java app |
|
|
Wojtek wrote:
| Quote: | zhouqiang94 (AT) gmail (DOT) com wrote :
There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
Use a cookie. The user still has to log in the first time, but then set
a cookie.
When they visit again, check for the cookie (and its validity), and log
them in.
Note though that this is highly insecure and not recommended practice.
|
How about a certificate? Is there a way to leverage a PKI such as GPG?
--
Lew |
 |
Wojtek Guest
|
Posted: Tue Apr 24, 2007 6:15 pm Post subject: Re: how to login into a website automatically in a java app |
|
|
Lew wrote :
| Quote: | Wojtek wrote:
zhouqiang94 (AT) gmail (DOT) com wrote :
There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
Use a cookie. The user still has to log in the first time, but then set a
cookie.
When they visit again, check for the cookie (and its validity), and log
them in.
Note though that this is highly insecure and not recommended practice.
How about a certificate? Is there a way to leverage a PKI such as GPG?
|
If I have access to your computer, I can steal anything on it. So I can
copy any certificate, file, cookie, etc.
I can copy that file to my computer, and now I am you.
You really should be asking the user for something (userid, password,
etc) prior to authenticating them.
Unless it is a low security site and it does not matter if someone
becomes someone else.
Remember: you are who you log in as.
--
Wojtek  |
 |
Lew Guest
|
Posted: Wed Apr 25, 2007 4:04 am Post subject: Re: how to login into a website automatically in a java app |
|
|
zhouqiang94 (AT) gmail (DOT) com wrote :
| Quote: | There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
|
Lew wrote :
| Quote: | How about a certificate? Is there a way to leverage a PKI such as GPG?
|
Wojtek wrote:
| Quote: | If I have access to your computer, I can steal anything on it. So I can
copy any certificate, file, cookie, etc.
I can copy that file to my computer, and now I am you.
|
How does sending a certificate give you access to my computer?
--
Lew |
 |
Wojtek Guest
|
Posted: Wed Apr 25, 2007 6:28 pm Post subject: Re: how to login into a website automatically in a java app |
|
|
Lew wrote :
| Quote: | zhouqiang94 (AT) gmail (DOT) com wrote :
There is a website whose first page is for the user to log in. When a user
visits the page and fills in the username and password, he can log in
to the website. The website has been developed. Now the work that needs to be
done is: develop a Java application in which the username and password are
known, to log in to the website automatically without typing the
username and password manually. How to implement that?
Lew wrote :
How about a certificate? Is there a way to leverage a PKI such as GPG?
Wojtek wrote:
If I have access to your computer, I can steal anything on it. So I can
copy any certificate, file, cookie, etc.
I can copy that file to my computer, and now I am you.
How does sending a certificate give you access to my computer?
|
Who is sending the certificate?
If the server sends one to the client, then it is the client which
determines if it is valid. So a browser must authenticate the
certificate, usually by contacting the certificate authority which
issued the certificate, and having that authority validate the
certificate. Or having local storage. Which is why everyone needed to
update their certificate files a few years ago, as the certificates
were about to expire.
If the client sends a certificate to the server, then how did the
client get that certificate? If it was sent to the client by the server
during a previous login, then I can steal that certificate and now I am
you (unless you embed some machine characteristics in the certificate).
Note: I am NOT an expert on this subject, I simply know enough to be
confused (and sometimes confusing). I am willing to learn more if
anyone else cares to step in?
--
Wojtek  |
 |
Lew Guest
|
Posted: Thu Apr 26, 2007 4:12 am Post subject: Re: how to login into a website automatically in a java app |
|
|
Wojtek wrote:
| Quote: | If the client sends a certificate to the server, then how did the client
get that certificate? If it was sent to the client by the server during
a previous login, then I can steal that certificate and now I am you
(unless you embed some machine characteristics in the certificate).
|
Not if the certificate has a fresh digitally-signed portion. Since the
man-in-the-middle doesn't have your private key, they aren't able to sign what
they send with your identity.
The signature encrypts a hash of the accompanying message, so copied certs
cannot generally fool the recipient.
It's tricky, but PKI supports "non-repudiability". I am still fuzzy on the
details, but it does address the question of intercepted credentials.
--
Lew |
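
The "fresh digitally-signed portion" discussed in the post above can be shown as a challenge-response check; this is an added example, not code from the thread. The class and method names, the in-memory challenge store and the generated RSA key pairs (the public half standing in for a certificate) are all assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class ChallengeResponseDemo {
    static final Set<String> pending = new HashSet<>();   // server: unused challenges
    static final SecureRandom rng = new SecureRandom();

    // Server: hand out a random one-time challenge and remember it.
    static String issueChallenge() {
        byte[] nonce = new byte[32];
        rng.nextBytes(nonce);
        String challenge = Base64.getEncoder().encodeToString(nonce);
        pending.add(challenge);
        return challenge;
    }

    // Client: prove possession of the private key by signing the challenge.
    static byte[] respond(PrivateKey key, String challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(challenge.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Server: accept only a valid signature over a challenge not yet consumed.
    static boolean verify(PublicKey registered, String challenge, byte[] sig)
            throws GeneralSecurityException {
        if (!pending.remove(challenge)) return false;      // unknown or reused challenge
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(registered);
        s.update(challenge.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair();  // public half stands in for the certificate
        KeyPair other = gen.generateKeyPair();   // a party holding only a copy of the certificate
        String c1 = issueChallenge();
        byte[] sig1 = respond(client.getPrivate(), c1);
        System.out.println("fresh response:           " + verify(client.getPublic(), c1, sig1));
        System.out.println("same response replayed:   " + verify(client.getPublic(), c1, sig1));
        System.out.println("old signature, new nonce: " + verify(client.getPublic(), issueChallenge(), sig1));
        String c2 = issueChallenge();
        System.out.println("signed with another key:  " + verify(client.getPublic(), c2, respond(other.getPrivate(), c2)));
    }
}
```

Only the first check is accepted: a captured response is tied to a challenge that has already been consumed, and a copy of the certificate without the private key cannot produce a valid signature. The check proves possession of the private key only, so a key file copied from the client machine would still pass.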
 |
Wojtek Guest
|
Posted: Thu Apr 26, 2007 6:01 pm Post subject: Re: how to login into a website automatically in a java app |
|
|
Lew wrote :
| Quote: | Wojtek wrote:
If the client sends a certificate to the server, then how did the client
get that certificate? If it was sent to the client by the server during a
previous login, then I can steal that certificate and now I am you (unless
you embed some machine characteristics in the certificate).
Not if the certificate has a fresh digitally-signed portion. Since the
man-in-the-middle doesn't have your private key, they aren't able to sign
what they send with your identity.
The signature encrypts a hash of the accompanying message, so copied certs
cannot generally fool the recipient.
It's tricky, but PKI supports "non-repudiability". I am still fuzzy on the
details, but it does address the question of intercepted credentials.
|
Yes, but this is a web application, not a FAT client.
You would need to at least have a signed applet (or ActiveX) to do the
client side processing.
--
Wojtek  |