Yawar,
On 8/21/2010 12:42 AM, Yawar Khan wrote:
> chris, I had a look at container managed authentication and it's quite handy.
> but I couldn't see how I can add extra functionality like calling an encryption
> function on password text field before tomcat does its authentication on it.

It's built-in. As long as you just want to do a simple hash of the user's password (like MD5, SHA-256, etc.), you should be good to go. Unfortunately, Tomcat does not currently support any salting of the password before hashing.

> for js, my client side authentication is done on form submit button click
> event, if the hackers do disable javascripts, how will my html form be submitted?

You don't even need a "page" in order to submit a form to a web server. You can use 'wget' from the command-line to synthesize a request if you're lazy. If you're determined, you can write your own client that feeds everything to the web server and acts just like a web browser.

> however, I will add some server side validation as well, I agree that's
> important.

I should say so.

-chris
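
An added illustration, not part of the original message, of what the missing salt mentioned above means for a stored credential table: identical passwords give identical unsalted digests, while a salted, iterated hash does not. The account names, passwords, function names, hex encoding and PBKDF2 parameters are assumptions made for this example and are not Tomcat's own code or storage format.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob deliberately share a password.
USERS = {"alice": "tomcat123", "bob": "tomcat123", "carol": "S3parate!"}


def unsalted_digest(password):
    """Plain hex SHA-256 of the password, with no per-user salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt: iterations$salt$hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, _ = stored.split("$")
    candidate = salted_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, stored)


def shared_credentials(table):
    """Group users whose stored values are byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(users=USERS):
    """Return (unsalted table, salted table) for the same set of accounts."""
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    salted = {u: salted_hash(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, identical stored values:", shared_credentials(unsalted))
    print("salted, identical stored values:  ", shared_credentials(salted))
    print("salted login still verifies:", verify_salted("tomcat123", salted["alice"]))
```

With unsalted digests, anyone who can read the table learns which accounts share a password, and one precomputed digest matches every such account; the per-user salt removes both properties while login verification still works.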