Hello everyone, I have an issue that has been bugging me. It's with regard to log-in security. I know there are other posts, but I can't find the answer that answers my question. When you create a web site using JSF and EJB (the managed beans or JavaBeans, I can't really remember the difference at this point), how do you handle log-in security? For example, when anyone logs in to this site he/she is asked for a username and password. Now, I have heard not to use your own "log in" when you create your own website. What I did, when I created the site using JSF, was to implement a logIn method, and this method called the 'select userName, Password from users' SQL statement. If the SQL statement found a match, it would return true; if not, false. But it seems this approach is wrong.
Now for my question: how would I go about it? If I don't implement my own logic (to call the database myself), how would I do it using EJB? I mean, don't you have to check the database to make sure the userName & passwords match? I assumed that I had to write the SQL statement myself, but it seems I'm wrong. Please explain, I just want to learn.
Also, can people intercept the username and password when the user clicks log in? How does one prevent someone else from intercepting this information?
Thank you.