tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: How can the login page see parameters in the original request?
Date Tue, 30 Dec 2008 14:26:38 GMT
removeps-groups@yahoo.com wrote:

> Only if certain secret fields and values are present, do I want to generate the login
page.  

They're not really secret if you're passing them as parameters.
It sounds like you're trying to over-engineer something, which often
results in no security improvements and sometimes introduces flaws.

What is your real goal?

p


> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message