hiya,
Depending on what level of security you eventually
would prefer, there are various options available to
you.
The most obvious is change your form to:
<FORM METHOD="POST" ... >
the JSP will react to POST data in exactly the same
way as GET data.
if someone is sniffing your network traffic, you'd
still be in trouble, though because the username and
password would still be sent clear text over the
network.
other options open to you are:
use HTTP-Authentication (also not too secure).
use Certificates (complete pain but secure).
there are a coupla client side java applets that will
provide more secure authentication.
etc.
etc.
--- Mike Francis <[EMAIL PROTECTED]> wrote:
> I am new to the JSP scene. Any help with this
> problem would be greatly appreciated.
> I've written a bean that handles a database
> connection and the queries to the
> database. I use a form to allow the user to type in
> their username and password.
> When they hit the "login" button to submit the form
> the next page sets the username
> and password in the database bean. However this
> page shows the parameters in the URL
> in the browsers "Location" window.
>
>
http://xwing.myriad.com:8080/mikef/jsp/num/studies.jsp?username=mike&password=mypassword
>
> If someone looks over my shoulder as I log in they
> would see my password. Is there a
> slicker way to allow a user to login.
>
> I thought I could use javascript to setUser and
> setPassword in my database bean in
> the "onclick" event of the form's login button, but
> I don't know how to reference the
> bean from javascript.
>
> Thanks in advance for your help.
>
> mike
>
>
===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with
> body: "signoff JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
>
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
