Hi All!
Recently I have been envolved in a discussion about the convenience of
encapsulating login process in a separate servlet. Namely LoginServlet.
My opinion is this is a bad practice from a security point of view.
Internal personel could substitute the LoginServlet with any other
simple servlet with the same methods() and take the whole web site
unsecured.
Your opinion?
Thanks
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
