Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 24837 invoked from network); 31 Dec 2008 13:44:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 Dec 2008 13:44:03 -0000 Received: (qmail 21969 invoked by uid 500); 31 Dec 2008 13:43:51 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 21937 invoked by uid 500); 31 Dec 2008 13:43:51 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 21926 invoked by uid 99); 31 Dec 2008 13:43:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 31 Dec 2008 05:43:51 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of knst.kolinko@gmail.com designates 209.85.218.13 as permitted sender) Received: from [209.85.218.13] (HELO mail-bw0-f13.google.com) (209.85.218.13) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 31 Dec 2008 13:43:43 +0000 Received: by bwz6 with SMTP id 6so15047232bwz.0 for ; Wed, 31 Dec 2008 05:43:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=dV7TsHTb5gsdbKIYVyJmCJn1JeQfDph0oDQj9QI+/I0=; b=ujnk0tVGnzBf7GkII7qN62NutNqyPrXVvpEtcG19J050c2xVhHZZHL+tdkJbeJLNH9 q0lewIq90o6TaZh++P5WKnp7LuOmhXGp/Z117f8pzFp1H9UxLE7ZDCI4jXWpY5zwJutG Z+O/GCadtIpfCTwu4vy7OoXYqws2n4jYpYuTA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=u//Ex2p82qM0Pawe6Fk4z2Y32Ml417n5VhAbF5XQMKB4OEpQ9HKYNYrDX4gE7oLBGP 2jDRt912XGuY+iQuDtstWxKqsfnffVX/Ej+05vX6oMrYc4hcVOpjnB+DWc2LX+z0mjNY mUs1gt4s4WU9MSIUt4nSfq59lxRhinuUcPn5s= Received: by 10.103.171.20 with SMTP id y20mr5712821muo.122.1230731001950; Wed, 31 Dec 2008 05:43:21 -0800 (PST) Received: by 10.103.199.7 with HTTP; Wed, 31 Dec 2008 05:43:21 -0800 (PST) Message-ID: <427155180812310543p563e068el45616b9f9bb56282@mail.gmail.com> Date: Wed, 31 Dec 2008 16:43:21 +0300 From: "Konstantin Kolinko" To: "Tomcat Users List" , removeps-groups@yahoo.com Subject: Re: How can the login page see parameters in the original request? In-Reply-To: <750755.93849.qm@web81101.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <495A2F9E.1060300@pidster.com> <750755.93849.qm@web81101.mail.mud.yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org 2008/12/30 : > To hide the existence of the page from robots. > > --- On Tue, 12/30/08, Pid wrote: > >> From: Pid >> Subject: Re: How can the login page see parameters in the original request? >> To: "Tomcat Users List" >> Date: Tuesday, December 30, 2008, 6:26 AM >> removeps-groups@yahoo.com wrote: >> >> > Only if certain secret fields and values are present, >> do I want to generate the login page. >> >> They're not really secret if you're passing them as >> parameters. >> It sounds like you're trying to over-engineer >> something, which often >> results in no security improvements and sometimes >> introduces flaws. >> >> What is your real goal? >> > How about passing them with the Session? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org