Not my opinion,

With regard to internal staff changing the servlet?

For instance, what are you going to do if the staff take your physical machine,
then what are you going to do?

Interesting point though. Not much you can do when the servlet methods are
specified and common to all servlets. Not much you can do?

The key point here is internal staff changing code?

Regards
Zahid
> -----Original Message-----
> From: Bono, Chris [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, January 31, 2001 3:30 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: Is LoginServlet bad practice?
>
> Why not use J2EE security?
>
> -----Original Message-----
> From: Carlos Otero Barros [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 31, 2001 8:31 AM
> To: [EMAIL PROTECTED]
> Subject: Is LoginServlet bad practice?
>
>
> Hi All!
>
> Recently I have been involved in a discussion about the convenience of
> encapsulating login process in a separate servlet. Namely LoginServlet.
> My opinion is this is a bad practice from a security point of view.
> Internal personnel could substitute the LoginServlet with any other
> simple servlet with the same methods() and take the whole web site
> unsecured.
>
> Your opinion?
>
> Thanks
>
> ==========================================================================
> =
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
