Chris, I had a look at container-managed authentication and it's quite handy,
but I couldn't see how I can add extra functionality like calling an encryption
function on the password text field before Tomcat does its authentication on it.
For JS, my client-side authentication is done on the form submit button click
event.
If the hackers do disable JavaScript, how will my HTML form be submitted?
However, I will add some server-side validation as well; I agree that's
important.
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, August 20, 2010 3:41 AM
To: Tomcat Users List
Subject: Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux
Yawar,
On 8/19/2010 3:27 PM, Yawar Saeed Khan/ITG/Karachi wrote:
> your comments on my current code tells me that this code is not bad,
> but I should check out tomcat's container managed logins... right?
This code seems to be doing more work than necessary. Container-managed
authentication and authorization is a useful service provided by the
container. I highly recommend taking a look at using it, but it may be
... disruptive to your existing workflows.
> plus I would like to mention that I have client side form validations
> (js) to stop query busters.
I'm sure that hackers will be sure to leave javascript enabled when they
visit your site.
-chris
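
The point raised in this thread, that checks done in browser JavaScript do not constrain what reaches the server, shown as an added example that is not part of the original messages. The class name, the field names (username, password) and the length limits are assumptions chosen for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Server-side re-check of login form fields (hypothetical names and limits). */
public class LoginFormValidator {
    // Allowlist: letters, digits, dot, underscore, hyphen; 3 to 32 characters.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._-]{3,32}");
    private static final int MAX_PASSWORD_LENGTH = 128;

    /** Returns field -> error message; an empty map means the input is acceptable. */
    public static Map<String, String> validate(String username, String password) {
        Map<String, String> errors = new LinkedHashMap<String, String>();
        // A request sent without running the form's JavaScript may omit a field
        // entirely, so null is handled the same way as a bad value.
        if (username == null || !USERNAME.matcher(username).matches()) {
            errors.put("username", "must be 3-32 characters of [A-Za-z0-9._-]");
        }
        if (password == null || password.isEmpty()) {
            errors.put("password", "is required");
        } else if (password.length() > MAX_PASSWORD_LENGTH) {
            errors.put("password", "is too long");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first is well-formed, the others are values the
        // browser-side check would have blocked but the server still receives.
        String[][] samples = {
            {"alice.smith", "correct horse"},
            {"a b<c>", "anything"},
            {null, ""},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> " + validate(s[0], s[1]));
        }
    }
}
```

In a servlet or filter the same method would be called with `request.getParameter("username")` and `request.getParameter("password")`, and the request rejected when the returned map is not empty.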