There are a lot of factors that will determine if you login is secture things like

1) Whats your password policy?

2) Do you have a time delayed lockout features, when the password is entered wrongly 3 times?

3) what error message is returened when there is an incorrect login, Does it give to much information away

4) Are you filtereing for nastly charectors on all data sent from the client before the server processes that data?

5) Does the server check to see if a user is loged in when requesting pages that you should only be able to if you have loged in?

And so

Hopefully that should start you on the path. Try www.owasp.org for some more infor they have a good paper on how to secure a web app.

SittingDuck