G
Ghost
I am trying to set up a secure website. Each page will require user
authentication. The majority of this website is written in servlets
and JSPs. I was wondering what the most secure approach would be.
If I use a login page, that login page will need to send the parameter
values: "name" and "password" over an HTTP request to a servlet that
would query a database to see if that user is a registerd user. This
does not seem very secure.
Is there a more secure way to do this? How secure is it to use web.xml
to store user names and passwords? Is it better to use a database to
store these values?
Any suggestions would be appreciated. Thanks in advance.
authentication. The majority of this website is written in servlets
and JSPs. I was wondering what the most secure approach would be.
If I use a login page, that login page will need to send the parameter
values: "name" and "password" over an HTTP request to a servlet that
would query a database to see if that user is a registerd user. This
does not seem very secure.
Is there a more secure way to do this? How secure is it to use web.xml
to store user names and passwords? Is it better to use a database to
store these values?
Any suggestions would be appreciated. Thanks in advance.