Tivoli Access Manager WebSeal : Change Password Customization

From: Sunil Soprey (sunilsoprey_at_yahoo.com)
Date: 01/28/04

  • Next message: trevor: "nessus not scanning other subnet" 
    Date: 28 Jan 2004 07:44:54 -0800

    Hello all --
       Question for you, is it possible to send the user to a different
    request after the password change is complete(other than original
    page)? We would also need to pass the original requested url to a
    secondary target(servlet/struts), which would make a determination
    whether to send or not. I could encode the
    requesting url via javascript and store in cookie on the password_exp
    page.

    Scenario:

    1) user enters https://serv1/foo.html ,however password expired
    2) user gotos https://webseal/password_exp.html, and changes password
    3) instead of going to https://serv1/foo.html, we would like to
    redirect
    to https://serv1/servlet/bar
    4) servlet/bar would do some business logic (if true send to foo.html,
    else
            send to abcdef.html)

    ideas?
    thanks
    sunilsoprey@yahoo.com

  • Next message: trevor: "nessus not scanning other subnet"

    Relevant Pages

    • Re: The remote web server is vulnerable to cross site scripting (XSS)
      ... It looks to me like the form in that page is simply taking the requested URL and making it the target of the form submission. ... What I'd do personally is make sure that the form target is specific implicitly rather than relying on the code behind it to generate the URL. ... The remote web server is vulnerable to cross site scripting ... sanitize request strings of malicious JavaScript. ...
      (microsoft.public.inetserver.iis.security)
    • Re: How to clear parameter out of url
      ... its performance hit by running the logic in the Page_Init method before the ... > querystring parameter in the requested url and do some session operations ... > certain parameter from the request url if it exist in the first request, ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: How to clear parameter out of url
      ... querystring parameter in the requested url and do some session operations ... certain parameter from the request url if it exist in the first request, ... the QueryString collection of the Request object are not ...
      (microsoft.public.dotnet.framework.aspnet)