>>> Marc Krisjanous <[EMAIL PROTECTED]> 22-Mar-01 10:41:52
PM >>>
>Is this approach sound or would I need something
>better??
Yes it's broadly sound. But completely insecure. The username and
password are being sent in the clear across the net.
You should protect the username and password submit with https
servlets.
There have been many discussions here about security of
authentication. Check the archives of this list.
You might also want to check the archives of the advanced-servlets
and advanced-servlets-turtorial lists at yahoogroups because some of
us have extensively discussed security issues there.
Nic Ferrier
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
