Somebody wrote:
> SSL would probably be the most practical solution, and would be acceptable
> to the clients of the products.
Making the login be a normal POST to an SSL server is definitely
your best bet. Another tip; have the servlet that takes the POST
generate some sort of keyed cookie and respond to the POST with the
cookie and a redirect to the next page. That's the only way to
prevent browsers from caching and offering to repost form data.
> Could the Javascript be hidden, at least at a superficial level, by defining
> it in a separate file which is included via the SRC tag, or using
> document.write(...). It has been my observation that viewing the source from
> the browser, simply displays these including tags, and not the script code.
Sure, but it's a fairly easy step from there to directly view the
source file. After all, the source file has to be accessible for the
browser to download it.
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
