I disagree with one point: any nice encryption algorithm may not be decrypted. So, instead of decrypt you should encrypt the password given and compare it with the value in the database (that is already encrypted). []'s, Rodrigo. > -----Mensagem original----- > De: Nishit Trivedi [mailto:[EMAIL PROTECTED]] > Enviada em: Quinta-feira, 12 de Abril de 2001 11:49 > Para: [EMAIL PROTECTED] > Assunto: Re: Question on Redirect and Parameter passing to a jsp page > > > i don't know the answer for first question.. > but i can answer 2nd... > > If you are concern security wise then as soon as you get password > encrypt it ( by Base64 algo) and store encrypted pwd in DB. > And in b.jsp get pwd from DB and decrypt it and use it... > If you don't want to store it in DB then you can always store it > in session as you did for userName(if you not much concern about > security)... > > Nishit > =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
