tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko" <knst.koli...@gmail.com>
Subject Re: How can the login page see parameters in the original request?
Date Wed, 31 Dec 2008 13:43:21 GMT
2008/12/30  <removeps-groups@yahoo.com>:
> To hide the existence of the page from robots.
>
> --- On Tue, 12/30/08, Pid <p@pidster.com> wrote:
>
>> From: Pid <p@pidster.com>
>> Subject: Re: How can the login page see parameters in the original request?
>> To: "Tomcat Users List" <users@tomcat.apache.org>
>> Date: Tuesday, December 30, 2008, 6:26 AM
>> removeps-groups@yahoo.com wrote:
>>
>> > Only if certain secret fields and values are present,
>> do I want to generate the login page.
>>
>> They're not really secret if you're passing them as
>> parameters.
>> It sounds like you're trying to over-engineer
>> something, which often
>> results in no security improvements and sometimes
>> introduces flaws.
>>
>> What is your real goal?
>>
>

How about passing them with the Session?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message