tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: problem with Invalid direct reference to form login page
Date Thu, 24 Dec 2009 22:14:21 GMT
scorpioy wrote:
> Thanks for the reply. I think I'm not really accessing the login page. I just
> have a copy of it and named it as login_auto.jsp. This page is not
> registered in web.xml, and is not under any restricted path.
> 
> I just let servlet to forward to this page, then let javascript in this page
> to do automatic form login for the user. Can I do that?
> 
> 
The question that comes to mind of course, is : if you send a login form 
to the client, but you put javascript in it that fills in the userid and 
password automatically, then why do you bother sending the form in the 
first place ?
Maybe I am missing something here, but does that not sound a bit .. 
insecure for instance ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message