Lior Shliechkorn wrote:
function SetDomain(d) { document.domain = d; }Hi,First, I recommend you run Tomcat with the SecurityManager:
I need help in adding some extra security to the login servlet for my application. I wanted to know how I can secure servlets without having to declare realms in Tomcat. I have a login page that posts to a servlet, and I want to make that servlet secure? The checking for user and password is performed by a database, and from what I understood realms that are created prompt a user for information once entering a secure area. Where can I read more information about security, and what suggestions might you have for me to implement.
Thanks
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/security-manager-howto.html
Second, you can certainly use a secure transport when interacting with your Servlet:
see Servlet 2.4 section SRV.12.8 Specifying Security Constraint.
-- Jeanfrancois
---------------------------------
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
-- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
