Hi,

to have access to my web application, user needs to log in. Before to send
login/password over the net, user is directly redirected to HTTPS version of
my web application in case he did not write HTTPS:// at the address bar.
once he types login/password, everything is checked with DB data and if it
is correct, so he's granted right to continue and he redirected to another
HTTPS web page.

i would like improve security but i'm not sure it make sense as HTTPS is
used.
therefore i was thinking to request for each stored procedures (all my SQL
requests are in stored procedures) login and password (stored into
session)... but does it make really sense ?

thx.

-- 
Alain
------------------------------------
Windows XP SP3
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Reply via email to