tomcat-users mailing list archives

From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: formbased security
Date Fri, 01 Dec 2000 00:43:29 GMT
John de la Garza wrote:

> arg!
>
> I meant insufficient...sorry
>

I wondered if that's what you really meant :-)

>
> Is there more than the servlet 2.2 spec?
>

You might look into some of the new books and articles coming out that talk
about servlet 2.2.  Or, you could ask specific questions on issues that are not
clear.

Form based login started making sense for me after I understood the basic
philosophy.  Have you ever accessed a web site that uses BASIC security to pop
up a username/password dialog box?  And then, after you were successfully
authenticated, the server gave you the requested page?

Form based login should feel very much like that from the user's perspective.
The first time he or she tries to access a protected page, the login page will
be shown first -- once they log on successfully, the originally requested page
will be shown.

It's not any more or less secure than BASIC authentication -- but form based
login lets you customize the look and feel of the login page, where BASIC
authentication does not.

Craig McClanahan
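
The flow described in the message above, as an added example that is not part of the original post: a Servlet 2.2 `web.xml` fragment that protects a path with form based login, with the BASIC alternative noted in a comment. The URL pattern, the page names and the role name `member` are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <!-- Assumed layout: everything under /protected/ requires the "member" role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>
    <!-- BASIC sends the password base64-encoded, FORM sends it as form data;
         neither encrypts it. CONFIDENTIAL makes the container require an
         encrypted transport for these URLs. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- For the BASIC dialog box instead, use <auth-method>BASIC</auth-method>
       with a <realm-name> and leave out form-login-config. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>

  <!-- /login.jsp (assumed name) posts to the action and field names fixed
       by the servlet specification:
         <form method="POST" action="j_security_check">
           <input type="text" name="j_username">
           <input type="password" name="j_password">
         </form>
       The container, not the application, checks the credentials and then
       returns the originally requested page. -->
</web-app>
```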


