> If you are hard coding the page to redirect to, when not then hard code it
on the form processing page instead of on the form itself? That would
remove one security issue altogether - you would now need to modify the
processing page to redirect somewhere else.
>
Because the idea is to have one login "action" page on the secure server
that handles all our LDAP authentication, sets whatever generic/standard
variables need to be set, and tosses them back to whichever application they
came from for further authorization. Hardcoding is impossible.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
