tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From removeps-gro...@yahoo.com
Subject Re: How can the login page see parameters in the original request?
Date Thu, 01 Jan 2009 15:53:55 GMT
Do you mean set session attributes?  How do you do that from the client side?


--- On Wed, 12/31/08, Konstantin Kolinko <knst.kolinko@gmail.com> wrote:

> From: Konstantin Kolinko <knst.kolinko@gmail.com>
> Subject: Re: How can the login page see parameters in the original request?
> To: "Tomcat Users List" <users@tomcat.apache.org>, removeps-groups@yahoo.com
> Date: Wednesday, December 31, 2008, 5:43 AM
> 2008/12/30  <removeps-groups@yahoo.com>:
> > To hide the existence of the page from robots.
> >
> > --- On Tue, 12/30/08, Pid <p@pidster.com> wrote:
> >
> >> From: Pid <p@pidster.com>
> >> Subject: Re: How can the login page see parameters
> in the original request?
> >> To: "Tomcat Users List"
> <users@tomcat.apache.org>
> >> Date: Tuesday, December 30, 2008, 6:26 AM
> >> removeps-groups@yahoo.com wrote:
> >>
> >> > Only if certain secret fields and values are
> present,
> >> do I want to generate the login page.
> >>
> >> They're not really secret if you're
> passing them as
> >> parameters.
> >> It sounds like you're trying to over-engineer
> >> something, which often
> >> results in no security improvements and sometimes
> >> introduces flaws.
> >>
> >> What is your real goal?
> >>
> >
> 
> How about passing them with the Session?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail:
> users-help@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message