> From: João Nuno Silva [mailto:jns...@gmail.com] > Subject: Re: POST replication > > 1) I want to have an authentication module that's independent of the > servlet container used (because I think this behavior of request replay > isn't a standard, but I might be wrong...);
The servlet spec requires that the container retain the original request so it can be replayed if authentication succeeds. > 2) I believe I can better optimize session creation to reduce memory > usage (because I won't save the previous request in session). It doesn't really matter where you save the request; it will still consume the same amount of heap space unless you slow things down by writing it to disk (and thereby create a host of other problems for the normal path). > I think this way I can be more tolerable to DoS attacks from > unauthenticated users; I don't see how that follows. > 3) I'm learning a few things in the process of reinventing this wheel ;) That one I'll buy. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
