But why write a line of code when J2EE security services provide this all to
you.
Dave Wolf
Internet Applications Division
Sybase
----- Original Message -----
From: "Rahman, Zahid" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 12:03 PM
Subject: Re: Is LoginServlet bad practice?
> Not my opinion,
>
> With regard to internal staff changing the servlet ?
>
> For instance what you are going to do if the staff take you physical
machine
> then what you going to do ?
>
> Interesting point though. Not much you can do when the servlet methods are
> specified and common to all servlets Not much you can do ?
>
> The key point here is internal staff changing code ?
>
> Regards
> Zahid
> > -----Original Message-----
> > From: Bono, Chris [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 31, 2001 3:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Is LoginServlet bad practice?
> >
> > Why not use J2EE security?
> >
> > -----Original Message-----
> > From: Carlos Otero Barros [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 31, 2001 8:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: Is LoginServlet bad practice?
> >
> >
> > Hi All!
> >
> > Recently I have been envolved in a discussion about the convenience of
> > encapsulating login process in a separate servlet. Namely LoginServlet.
> > My opinion is this is a bad practice from a security point of view.
> > Internal personel could substitute the LoginServlet with any other
> > simple servlet with the same methods() and take the whole web site
> > unsecured.
> >
> > Your opinion?
> >
> > Thanks
> >
> >
==========================================================================
> > =
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
> >
==========================================================================
> > =
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
