Hi Sam !
>As the subject suggests?
>
>If as I've been told I don't use the actual userID and passwords to
>log into the DB from a web site or a generic username and password,
>then what do I use?
I have an idea that might help you. If not, trow it to the Recycle Bin.
So you could create at server side a simple text file with a fictiv login
name,
a fictiv password, the real login and the real password the user has to
connect
to the database.
A line from the text file:
joe apple joesmith ert123
You should get the login joe and passwd apple from a form and you read from
that text file that
the REAL login is joesmith and the REAL passwd is ert123.
You could make a page that allow users to change login and passwd (not the
REALs) and advise them to change passwd weekly.
That was my idea. IMPORTANT ! do NOT put the text file in a public place, (i
meen in the public_html dir).
This solution is like others it isn't 100 % safe.
p.s. if you have more questions you are welcome.
Have a nice day,
Andras
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
