Why not use the security and ACL mechanisms that are provided to you by J2EE
web applications?
Dave Wolf
Internet Applications Division
Sybase
----- Original Message -----
From: "Carlos Otero Barros" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 9:31 AM
Subject: Is LoginServlet bad practice?
> Hi All!
>
> Recently I have been envolved in a discussion about the convenience of
> encapsulating login process in a separate servlet. Namely LoginServlet.
> My opinion is this is a bad practice from a security point of view.
> Internal personel could substitute the LoginServlet with any other
> simple servlet with the same methods() and take the whole web site
> unsecured.
>
> Your opinion?
>
> Thanks
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
