Group items tagged

asks the user for multiple pieces of hard data that should have been

send the password reset information to some

such as a (possibly different) email address or an SMS text number, etc. to be used in Step 3.

Step 2) Verify Security Questions

application verifies that each piece of data is correct for the given username

If anything is incorrect, or if the username is not recognized, the second page displays a generic error message such as “Sorry, invalid data”. If all submitted data is correct, Step 2 should display at least two of the user’s pre-established personal security questions, along with input fields for the answers.

Avoid sending the username as a parameter

Do not provide a drop-down list

server-side session

user's email account may have already been compromised

Asynchronous Servlets Performance

With a non NIO or non Continuation based server, this would require around 11,000 threads to handle 10,000 simultaneous users. Jetty handles this number of connections with only 250 threads.

Classical synchronous model: 10,000 concurrent users -> 11,000 server threads. 1.1 ratio.

Comet asynchronous model: 10,000 concurrent users -> 250 server threads. 0.025 ratio.

classical (synchronous) servlet model

request -> immediate processing -> response

Comet implementations rely on a different model:

request -> wait for available data -> response

With synchronous servlet processing, each request is handled by one dedicated server thread