Patrick Fong wrote:
>
> I have two questions.
>
> 1) I was wondering if it was more effective to have one servlet that
> handles all the requests eg. http://localhost/index.jsp?instruct=02 for
> adding requests, index.jsp?instruct=03 for editting database entries.
>
> String instruct= request.getParameter("request");
>
> if (instruct.compareTo("01")!=-1) {
>
>
> } //do something
>
> else if (same as above) {
>
> if request.getParameter(Parameters for inserting database requests) {
>
> }// do the DB thing
>
> }
>
> and so on... I find alot of big web-sites are doing that now. What are
> benefits of this? I am trying to prevent the user from finding out too much
> about the operations of the web-sites. I think that any individual can
> figure out how a database works and how the website works by looking atthe
> form elements and the links within the page. What is the best way of
> hidding these sort of information. (I want the users to use the web-site
> and not try to hack into the database etc etc).
The way you want "to hide" functionality from users to prevent
hacking is called "security by obscurity" and brings no or just a little
help. Better way is to program you application/servlet/anything so
secure that no one can hack them in any way.
Regards,
J.Ch.
--
Ing. Jozef Chocholacek Qbizm Technologies, Inc.
Chief Project Analyst ... the art of internet.
________________________________________________________________
Kralovopolska 139 tel: +420 5 4124 2414
601 12 Brno, CZ http://www.qbizm.com fax: +420 5 4121 2696
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
