5 messages in com.mysql.lists.javajava servlet | From | Sent On | Attachments |
|---|---|---|
| Bin Cai | 15 Nov 2001 10:22 | |
| Ylan Segal | 15 Nov 2001 10:52 | |
| Chris Gerrist | 15 Nov 2001 10:54 | |
| lawrence lu | 15 Nov 2001 11:02 | |
| xudin | 18 Nov 2001 11:29 |
| Subject: | java servlet |
|---|---|
| From: | Bin Cai (ca...@ugrad.cs.ualberta.ca) |
| Date: | 11/15/2001 10:22:04 AM |
| List: | com.mysql.lists.java |
Hi, listers,
I have one concern. but I don't know if it is the problem.
I am developing web-base application. I am using java servlet ,tomcat and
mysql as database. I am doing administrator part,(adding students and questions
for exams)
first go to mainpage for administrator called "Administratorlogin", enter
the login and password. if they are valid, anoter servlet "Adminmenu"
invoked ( in this servlet, teacher can add student and questions).
but my concern is people can also get access directly to Adminmenu page by
typing the URL of this servlet, get around the login phase. this is
security problem. How can i prevent people get access directly to
"Adminmenu" page. make sure only one way to get access to Adminmenu
page, Administratorlogin -->Adminmenu
Besides, can anyone recommend me some good website to me give me some idea about how the "administrator" interface should looks like and how the program goes?
Thanks in advance bin