 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / July 2006swing app, how to prevent multi-login
Hi, A swing UI communicates with server via TCP/IP, socket, and the server supports up to 1 million UI. I'm wondering, what's the simple way to prevent same userID login twice or more at the same time? I know Kerberos is good, but too complicated (this app is not using any j2ee package or 3rd package). -- Thanks John Toronto > Hi, > > A swing UI communicates with server via TCP/IP, socket, and the server Hmm, I'm not sure what this has to do with Java or swing, but as for TCP/IP.... nothing prevents it. I used to log with multiple terminals all the time before they invented windows, it was the only way to get stuff done quickly. > supports up to > 1 million UI. > > I'm wondering, what's the simple way to prevent same userID login twice > or more at the Off hand, I think you'll have to identify the login procedure, have that check for the user already logged in, and return an error/wedge/ignore on a multiple log-in attempt. This will require good design to make certain that all logins go through a single entry point. > same time? I know Kerberos is good, but too complicated (this app is > not using any j2ee package or 3rd package). I don't think Kerberos will help you. You'll still need to centralize your logins as above. Kerberos might help you prevent a session from being high-jacked, or from people impersonating others to gain multiple logins, but these are security issues. Really they don't have anything to do with a single person giving a valid password, and logging in multiple times. You still have to code that separately from anything else. > -- > Thanks > John > Toronto >> Hi, >> [quoted text clipped - 25 lines] > to do with a single person giving a valid password, and logging in > multiple times. You still have to code that separately from anything else. To add to what Mark says, Kerberos doesn't help prevent multiple logins. That isn't what it is intended to do. In fact, Windows Server 2003 doesn't have any built-in way of preventing multiple concurrent logins from a single username and it uses Kerberos in a domain environment for doing the authentication so that tells you right there kerberos isn't the answer. You will need to have a central repository for keeping track of who is logged in and testing against that data repo everytime someone logs in to see if they are already logged in. Again, in the case of Windows there isn't anything that already exists that can do that and I've used a new attribute within the Active Directory schema to keep track of it. You will have to do something like that on the server you are working with (some flag or something) in order to prevent multiple concurrent logins. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.