>>> Lalith Jayaweera <[EMAIL PROTECTED]> 10/14/99 9:41:33 AM >>>
>Why I did in this way is since I have lecturer id with me I can compare it
>with the entered value rather than querying the database again. Take into
>account that lecturer id is a secret value only that particular lecturer knows.
>(Consider that though the user goes to view-pagesource in his browser he can't
>see the lec-id coz am calling this servlet from a HTML document.)

What? If you send back the lecturer-ids as an HTML page (which at the
top of your mail is what you were doing) then someone *can* look at
the IDs. Doesn't sound very secure.

>1)Is this method good enough as far as the security is concerned. Or should
>I not incorporate the LecID with the combo and later query the database again to
>validate the entered LecturerID with the real value.

Instead have a hash algorithm to generate keys from the lec-id keys.
Then pass back those keys. Even if it's not brilliant it's better than
passing the key itself.

>2)The biggest problem is the relevant JavaScript does not work

What I do when I've a problem with JS is duplicate the JS output
statements, eg:
    resp_out.println("<script language=\"Javascript\">");
    System.out.println("<script language=\"Javascript\">");
This way I can clearly see what is going on and format the generated
JS nice so it's easy to read and therefore easy to debug.
Hope that helps.
Nic Ferrier
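
Added example, not part of the original message: one way to carry out the suggestion of sending a derived key in place of the lecturer ID. It swaps the plain hash for a keyed HMAC-SHA256, because an unkeyed hash of a short ID can be guessed offline by anyone who views the page source. The class name, method names and sample values are hypothetical, and Java 17 or later is assumed for HexFormat.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;

// Hypothetical helper: derives the opaque value placed in the combo and checks it on submit.
public class LecturerToken {
    private final SecretKeySpec key;

    // The key stays on the server (assumption: one servlet instance;
    // several instances would load the same key from a secret store).
    public LecturerToken(byte[] serverKey) {
        this.key = new SecretKeySpec(serverKey, "HmacSHA256");
    }

    // Value to write into the <option> in place of the raw lecturer ID.
    public String tokenFor(String lecturerName, String lecturerId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        // Bind the token to the name so one lecturer's token cannot stand in for another's.
        mac.update(lecturerName.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator between the two fields
        mac.update(lecturerId.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(mac.doFinal());
    }

    // Server-side check: recompute from the entered ID and compare in constant time.
    public boolean matches(String lecturerName, String enteredId, String submittedToken)
            throws Exception {
        if (lecturerName == null || enteredId == null || submittedToken == null) {
            return false;
        }
        byte[] expected = tokenFor(lecturerName, enteredId).getBytes(StandardCharsets.US_ASCII);
        byte[] got = submittedToken.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, got);
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k);
        LecturerToken t = new LecturerToken(k);
        // Constructed sample values, not taken from the original message.
        String token = t.tokenFor("A. Silva", "LEC-4471");
        System.out.println("<option value=\"" + token + "\">A. Silva</option>");
        System.out.println("correct ID accepted: " + t.matches("A. Silva", "LEC-4471", token));
        System.out.println("wrong ID accepted:   " + t.matches("A. Silva", "LEC-0000", token));
    }
}
```

The comparison runs in the servlet, so the page source carries only the token and the lecturer ID never reaches the browser.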