A
Aaron
Hey, I have a question about how secure the following will be....
I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query list.
If there is not, it asks for one.
If there is, it checks to see if the information is valid.
If it is not valid, it deletes the attributes and calls itself again.
If it is valid it sets a particular session variable to be some value and
redirects to the next page.
Every page from there on in will check to see if the session variable is set
and if not will redirect back to the login page.
Are there any security risks/holes that I should know about?
Thanks in advance,
Aaron
PS I do have access to Tomcat, but have been unable to figure out how to set
it up (this is my first time setting up security for a site) - so if anyone
has any tips/links that information would be most appreciated. Thanks
again.
I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query list.
If there is not, it asks for one.
If there is, it checks to see if the information is valid.
If it is not valid, it deletes the attributes and calls itself again.
If it is valid it sets a particular session variable to be some value and
redirects to the next page.
Every page from there on in will check to see if the session variable is set
and if not will redirect back to the login page.
Are there any security risks/holes that I should know about?
Thanks in advance,
Aaron
PS I do have access to Tomcat, but have been unable to figure out how to set
it up (this is my first time setting up security for a site) - so if anyone
has any tips/links that information would be most appreciated. Thanks
again.