Hi i have written a couple of servlets that use from based login,

ie two fields which are queried against an online database,
- > fail > redirect to error page
- > success > redirect to next page

is this still " good practice" or is there a "better way"

from what i understand this is relatively secure as the web browser can't access anything but the html login page, which then sends the information to
tomcat, and the servlets process.

how can a hacker break into this sort of system, because i intend to build a few more of them ?