I think you can change the servlet file permission to read & execute only,
then they can't substitute your servlet.
Regards,
Louis
----- Original Message -----
From: "Carlos Otero Barros" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 6:31 AM
Subject: Is LoginServlet bad practice?
> Hi All!
>
> Recently I have been involved in a discussion about the convenience of
> encapsulating the login process in a separate servlet, namely LoginServlet.
> My opinion is this is a bad practice from a security point of view.
> Internal personnel could substitute the LoginServlet with any other
> simple servlet with the same methods() and take the whole web site
> unsecured.
>
> Your opinion?
>
> Thanks
>
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
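
Added example, not part of the thread or any poster's code: shell functions for the read-and-execute-only suggestion in the reply above. It goes one step beyond the reply by also removing write permission from the directories (a read-only file in a writable directory can still be deleted and recreated) and by recording SHA-256 hashes so that a substituted class file is detected. The function names, the deployment path and the availability of `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example; function names and paths are assumptions, not from the thread.

# lock_servlets DIR: set directories and .class files to read+execute only.
# Directories are included because a writable directory lets anyone with
# access unlink a read-only file and drop a replacement in its place.
lock_servlets() {
    find "$1" \( -type d -o -type f -name '*.class' \) -exec chmod 0555 {} +
}

# writable_servlets DIR: print every directory or .class file that still
# carries a write bit for owner, group or other (empty output = locked).
writable_servlets() {
    find "$1" \( -type d -o -type f -name '*.class' \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# record_baseline DIR FILE: store a SHA-256 hash per .class file.
# FILE must be an absolute path kept outside DIR, ideally owned by a
# different account than the one that deploys the servlets.
record_baseline() {
    ( cd "$1" && find . -type f -name '*.class' -exec sha256sum {} + ) > "$2"
}

# verify_baseline DIR FILE: exit non-zero if any recorded file is missing
# or no longer matches its hash. Permissions do not stop root or the file
# owner, so this check is what reveals a substituted LoginServlet.
verify_baseline() {
    ( cd "$1" && sha256sum --quiet -c "$2" )
}

# Stand-alone use: ./lock.sh /path/to/webapp /abs/path/baseline.sha256
if [ "$#" -eq 2 ]; then
    lock_servlets "$1"
    record_baseline "$1" "$2"
    writable_servlets "$1"
fi
```

Run `verify_baseline` from a scheduled job under an account that cannot write to the web application directory, and treat any non-zero exit as a change that needs review.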