cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulrich Mayring <>
Subject Re: Check for user login
Date Fri, 26 Jan 2001 10:46:17 GMT
Drasko Kokic wrote:
> it is rather smart piece of code ... you protect your
> URI in the web.xml and configure so called
> "RequestIntercepter" in the server.xml ... and it
> works on it's on:

Ok, sounds easy enough. But be aware of these points:

- URL-based schemes stop working when you move files around, change
directory/host names etc.
- you have an additional point of management (web.xml)
- you can only use it with certain servlet servers
- when your webserver is hacked, the intruder just needs to edit web.xml
and can delete your databases

> I have for my own SingleLogin project implemented the
> Cookie authorisation and LDAP authentication.

Do you plan to contribute this code? I could probably use it for the
auth taglib.



Ulrich Mayring
DENIC eG, Systementwicklung

View raw message