David, a way to handle this obfuscation is to save the "magic word" into the session. The algorithm would be something like this:
1. Obtain a random string from a dictionary (your magic word).
2. Put it in your session.
3. In the image generator servlet, retrieve the word to show from the session, not from the URL (I suppose you knew this :-)
4. Your login page doesn't have to deal with the "magic word" in any way.
5. When receiving login data, match the appropriate parameter to your magic word. If they match, the user can enter your application.
6. If they don't match, go back to step 1 (re-generate the "magic word" before the next try).

Hope this helps you :-)

Regards
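
The six steps above as an added Java example (not part of the original post, and not servlet container code): a plain `Map` stands in for `HttpSession`, and the attribute name, dictionary and method names are assumptions. It also retires the word after a successful match, which goes beyond step 6, so a solved word cannot be replayed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class MagicWordDemo {
    // Constructed sample dictionary; a real one would be much larger.
    static final List<String> DICTIONARY = List.of("harbor", "violet", "canyon", "meadow");
    static final String ATTR = "magicWord";            // hypothetical session attribute name
    static final SecureRandom RNG = new SecureRandom();

    // Steps 1-2: pick a random word and keep it server-side only.
    static void issue(Map<String, Object> session) {
        session.put(ATTR, DICTIONARY.get(RNG.nextInt(DICTIONARY.size())));
    }

    // Step 3: the image generator reads the word from the session, never from the URL.
    static String wordForImage(Map<String, Object> session) {
        return (String) session.get(ATTR);
    }

    // Steps 5-6: compare the submitted parameter, then always retire the word.
    static boolean verify(Map<String, Object> session, String submitted) {
        String expected = (String) session.remove(ATTR);   // single use, even on success
        boolean ok = expected != null && submitted != null
                && MessageDigest.isEqual(                   // comparison without early exit
                        expected.getBytes(StandardCharsets.UTF_8),
                        submitted.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            issue(session);                                 // step 6: new word before the next try
        }
        return ok;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();      // stands in for HttpSession
        issue(session);
        System.out.println("wrong guess accepted:  " + verify(session, "not-the-word"));
        String shown = wordForImage(session);               // word drawn after the failure
        System.out.println("correct word accepted: " + verify(session, shown));
        System.out.println("replayed word accepted: " + verify(session, shown));
    }
}
```

Because the word lives only in the session, nothing in the login page or the image URL reveals it, and the client never chooses which word is checked.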
