matt ara wrote:The logic that I would get the parameters from the form fields and then pull the username from the DB based on that form field and match to the password. Doesn't seem to be working out, is this heading in the right direction?
matt ara wrote:I modified my code to work with the JSP, and it just keeps kicking me out saying User Invalid when I know those users/pass are in the DB.
matt ara wrote:
Victor M. Pereira wrote:And change your form to POST for security reasons.
Prasad Krishnegowda wrote:POST is noway more secure than GET.
Prasad Krishnegowda wrote:Tim, can you please explain, which log files you were referring too..
If GET is not secure, POST is also not secure.
No request is secure simply based upon the choice of method.
Requests are secure by using SSL.
Bear Bibeault wrote:POST is no more secure than GET. It just doesn't show params on the URL. That extra level of "security" is a blip and is really no security at all.