But they could hide another copy of a servlet somewhere earlier in the
CLASSPATH.
Dave Wolf
Internet Applications Division
Sybase
----- Original Message -----
From: "LouisVoo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 7:41 PM
Subject: Re: Is LoginServlet bad practice?
> I think u can change the servlet file permission to read & execute only,
> then they can't substitute ur servlet.
>
> Regards,
>
> Louis
>
> ----- Original Message -----
> From: "Carlos Otero Barros" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, January 31, 2001 6:31 AM
> Subject: Is LoginServlet bad practice?
>
>
> > Hi All!
> >
> > Recently I have been involved in a discussion about the convenience of
> > encapsulating the login process in a separate servlet, namely LoginServlet.
> > My opinion is that this is a bad practice from a security point of view.
> > Internal personnel could substitute the LoginServlet with any other
> > simple servlet with the same methods() and take the whole web site
> > unsecured.
> >
> > Your opinion?
> >
> > Thanks
> >
> >
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
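
The point made at the top of this thread, that a second copy of a servlet placed earlier in the CLASSPATH takes precedence even when the real servlet file is read-only, can be audited for. The following is an added example, not code from any poster in the thread: it lists every class that more than one classpath entry provides, in search order. It assumes a plain first-match class path (servlet containers apply their own loader ordering), and the `com/example` package, the `early` directory and `app.jar` are constructed sample data.

```python
import os
import tempfile
import zipfile


def classes_in_entry(entry):
    """Return the class resource names (pkg/Name.class) one classpath entry provides."""
    names = set()
    if os.path.isdir(entry):
        for root, _dirs, files in os.walk(entry):
            for fname in files:
                if fname.endswith(".class"):
                    rel = os.path.relpath(os.path.join(root, fname), entry)
                    names.add(rel.replace(os.sep, "/"))
    elif zipfile.is_zipfile(entry):  # jar files are zip archives
        with zipfile.ZipFile(entry) as jar:
            names.update(n for n in jar.namelist() if n.endswith(".class"))
    return names


def find_shadowed(classpath, sep=os.pathsep):
    """Map each class defined more than once to its providers, in search order.

    providers[0] is the copy a first-match loader uses; the rest are shadowed.
    """
    providers = {}
    for entry in (e for e in classpath.split(sep) if e):
        for name in classes_in_entry(entry):
            providers.setdefault(name, []).append(entry)
    return {n: p for n, p in providers.items() if len(p) > 1}


def build_demo(base):
    """Constructed layout: a stray LoginServlet.class in a directory listed before app.jar."""
    early = os.path.join(base, "early")
    os.makedirs(os.path.join(early, "com", "example"))
    with open(os.path.join(early, "com", "example", "LoginServlet.class"), "wb") as fh:
        fh.write(b"\xca\xfe\xba\xbe constructed stand-in")
    jar = os.path.join(base, "app.jar")
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("com/example/LoginServlet.class", b"\xca\xfe\xba\xbe deployed copy")
        z.writestr("com/example/OrderServlet.class", b"\xca\xfe\xba\xbe other class")
    return os.pathsep.join([early, jar])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, where in find_shadowed(build_demo(tmp)).items():
            print(f"{name}: loaded from {where[0]}, shadows {where[1:]}")
```

Any class reported here deserves a look at who can write to the winning entry, since permissions on the shadowed file alone do not protect it.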