Just a side note. Be sure to force some pretty tight constraints on your passwords. You should eliminate any ' and " from being allowable characters in the password field of your DB and should check the user input from the web page for these characters prior to comparing it to values in your DB. For instance, say your query to verify the username/password ended with:
    "...WHERE username = '" + req.getParameter("username") + "' AND pwd = '" + req.getParameter("pwd") + "'");

Hackers can exploit this by entering username "anything" and password "hi' OR 'a' = 'a", for example. In other words, allowing the ' and " characters enables hackers to enter their own SQL code and potentially subvert the verification process.

Jared

----- Original Message -----
From: "Rinaldo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 11, 2004 6:36 AM
Subject: R: creating password authentication servlet with mysql db

Create a form with the action the name of your servlet. In the Servlet, in doGet or doPost, get the parameters with request.getParameter("parmName"), query your db; if Nok, again form with error msg.

Regards
Rinaldo

----- Original Message -----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API Technology. [mailto:[EMAIL PROTECTED] On behalf of Cadbury
Sent: Friday, 11 June 2004 5.20
To: [EMAIL PROTECTED]
Subject: creating password authentication servlet with mysql db

hi
how do I create a password authentication servlet, with the username and password stored in a mysql database?
thanks a lot. any help is greatly appreciated.
bye

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
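Added example, not part of the original thread or any poster's code: the concatenated query from Jared's message next to a JDBC PreparedStatement version, which keeps user input out of the SQL text so quotes in a password cannot alter the query. The class name, method names and the table name users are assumptions; username and pwd are the columns named in the message.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginQueryDemo {

    // Concatenation as in the message above. The table name "users" is an
    // assumption; the message elides the start of the query.
    static String concatenatedQuery(String username, String pwd) {
        return "SELECT 1 FROM users WHERE username = '" + username
                + "' AND pwd = '" + pwd + "'";
    }

    // Parameterized form: the SQL text is fixed and the JDBC driver binds
    // the values as data, so a quote in the input stays part of the value.
    static final String LOGIN_SQL =
            "SELECT 1 FROM users WHERE username = ? AND pwd = ?";

    // Hypothetical helper: true only if a row matches both values exactly.
    static boolean credentialsMatch(Connection conn, String username, String pwd)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            ps.setString(2, pwd);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Input values quoted from the message above.
        String username = "anything";
        String pwd = "hi' OR 'a' = 'a";

        // The quote in pwd closes the string literal, so the WHERE clause
        // gains OR 'a' = 'a', a condition that holds for every row.
        System.out.println(concatenatedQuery(username, pwd));

        // The parameterized statement text is the same for any input; the
        // whole pwd value above is compared as one string.
        System.out.println(LOGIN_SQL);
    }
}
```

In a servlet, credentialsMatch would be called from doGet or doPost with the values from request.getParameter and a Connection to the MySQL database.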