Servlet secure login best practice
Hi, I have written a couple of servlets that use form-based login,
i.e. two fields which are queried against an online database,
- > fail > redirect to error page
- > success > redirect to next page
Is this still "good practice" or is there a "better way"?
From what I understand, this is relatively secure, as the web browser can't access anything but the HTML login page, which then sends the information to
Tomcat, and the servlets process it.
How can a hacker break into this sort of system, because I intend to build a few more of them?