Celeste,

That's a good idea. It will be really helpful for us if you can throw some code snippets on the XML part.

I appreciate your idea. Thanks in advance,
Ketharinath

----- Original Message -----
From: "Haseltine, Celeste" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 15, 2001 1:06 PM
Subject: Re: Login Authentication against database...

> Joe,
>
> When my users log in, I capture their username and compare that name to
> those I have in an XML table on the server. If the name exists in the XML
> table, and is still classified as Active, I then make a connection to my
> database, and verify the password, along with obtaining other info I need
> for access into different areas of our site. Every time a new user is added
> to the database, I run a script that updates my XML file on the server. The
> XML table is located in a different directory on our site than the actual
> JSP/HTML pages, and has limited information. Therefore, if someone did get
> their hands on it, they still could not log into our site.
>
> This allows me to do a "first verification" of the user, and then reject
> the user if appropriate, without even opening a connection or pulling a
> thread from the connection pool to my database. I have one JSP that
> verifies the user exists in the XML table, before either handing off the
> user to another JSP for verification against the database, or redirecting to
> a login error page.
>
> Celeste
>
> -----Original Message-----
> From: Joe Cheng [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 15, 2001 11:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Login Authentication against database...
>
>
> Celeste,
>
> what's a "more secure" means? now you've got me curious.
>
> and Bob wasn't pointing out a loophole, just calling attention to the
> non-escaped values in the SQL statement below.
>
> -jmc
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://archives.java.sun.com/jsp-interest.html
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.jsp
> http://www.jguru.com/faq/index.jsp
> http://www.jspinsider.com
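Added illustration of the two-stage check Celeste describes and of the unescaped-SQL point Bob raised; this is not code from the thread or from Celeste's site. It uses Python with sqlite3 and an in-memory XML string as a stand-in for the JSP/JDBC stack, and the XML table, account rows and names are constructed sample data. The XML prefilter rejects unknown or inactive names before any database work, the hardened lookup binds both values as parameters, and `login_unescaped` reproduces the string-spliced statement so the difference is visible on the same input.

```python
"""Two-stage login: XML 'active users' prefilter, then a bound database lookup.

Added example only. USERS_XML and ACCOUNTS are constructed stand-ins for the
thread's real XML file and database; Python/sqlite3 replaces JSP/JDBC, but the
control flow and the parameter binding are the same.
"""
import hashlib
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of the kind of XML table the thread describes: only a
# username and an Active/Inactive flag, so it holds nothing that logs you in.
USERS_XML = """<users>
  <user name="alice" status="Active"/>
  <user name="bob"   status="Inactive"/>
</users>"""

# Constructed accounts for the in-memory database (hypothetical data).
ACCOUNTS = [("alice", "correct horse", "admin"), ("bob", "battery staple", "member")]


def hash_password(password: str) -> str:
    # Unsalted SHA-256 keeps the demo short; real credential storage needs a
    # salted, stretched scheme (PBKDF2, bcrypt, scrypt or Argon2).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def load_active_users(xml_text: str) -> set:
    """Stage 1 table: the usernames the XML file classifies as Active."""
    root = ET.fromstring(xml_text)
    return {u.get("name") for u in root.iter("user") if u.get("status") == "Active"}


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(n, hash_password(p), r) for n, p, r in ACCOUNTS])
    return conn


class Authenticator:
    def __init__(self, xml_text: str, conn: sqlite3.Connection):
        self.active = load_active_users(xml_text)
        self.conn = conn
        self.db_queries = 0  # how often stage 2 actually touched the database

    def login(self, username: str, password: str):
        """Return the account's role on success, None on any failure."""
        # Stage 1: unknown or inactive names are rejected before any DB work.
        if username not in self.active:
            return None
        # Stage 2: bound parameters; user input never becomes part of the SQL text.
        self.db_queries += 1
        row = self.conn.execute(
            "SELECT role FROM users WHERE username = ? AND pw_hash = ?",
            (username, hash_password(password)),
        ).fetchone()
        return row[0] if row else None

    def login_unescaped(self, username: str, password: str):
        """The pattern Bob flagged: values spliced into the statement unescaped.
        Kept only for contrast; do not use."""
        self.db_queries += 1
        sql = ("SELECT role FROM users WHERE username = '" + username +
               "' AND pw_hash = '" + hash_password(password) + "'")
        row = self.conn.execute(sql).fetchone()
        return row[0] if row else None


def demo() -> dict:
    """Run the same inputs through both paths and report what each returned."""
    auth = Authenticator(USERS_XML, make_db())
    payload = "x' OR 1=1 OR 'x"  # turns the spliced WHERE clause into a tautology
    return {
        "alice_ok": auth.login("alice", "correct horse"),
        "alice_bad_pw": auth.login("alice", "wrong"),
        "bob_inactive": auth.login("bob", "battery staple"),
        "injection_bound": auth.login(payload, "anything"),
        "injection_unescaped": auth.login_unescaped(payload, "anything"),
        "db_queries": auth.db_queries,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things to read off the output: the inactive user and the injection payload never reach stage 2 in the bound path (the query counter only moves for names the XML marks Active), and the identical payload handed to the unescaped statement returns a row without a valid password. The prefilter saves connections, as Celeste says, but it is the binding in stage 2, not the XML file, that closes the hole Bob pointed at, since any name the XML does list still lands in the SQL.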
