Hello, So far I thought that container-managed authentication was the way to go. Why I thought so? I thought:
1) Since such authentication is implemented by experts in the field there's a much greater chance that their implementation would be much more secure to attacks then my own application-managed implementation. 2) The container has much more control in a servlet environment than a web-app. Therefore if the container is aware of the user who is making requests rather than just the web-app, this would be an added security incentive. 3) Struts tag library provides some neat tags such as conditional tags based on the logged-in user's identity and roles, and probably such tags will flourish even more in the future. These tags support only container-based authentication (am I right here?). So if you're using container-managed authentication you can use these tags, otherwise you'll have to implement your own. Do you guys think that three so-called advantages that I've listed are really valid advantages and is there any more advantages associated to container-managed authentication? Basically I'm asking all these questions because I'm trying to decide whether I should abandon container-managed authentication and implement my own. Thanks, Mete __________________________________________________ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
