tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Warner Onstine" <>
Subject Re: Tomcat and Security
Date Fri, 16 Jun 2000 18:04:20 GMT
An early version of Https is in the latest sources which you can grab from
cvs by going here:

Costin put in the initial changes and I am currently working on client-side
auth (hopefully sometime today).


----- Original Message -----
From: "Russell Rice" <>
To: <>
Sent: Friday, June 16, 2000 7:45 AM
Subject: Tomcat and Security

> I am presently using Tomcat 3.1 for demonstrating prototypes of a web
> application my company is working on.  However, there is no real security
> (HTTPS) in Tomcat 3.1. While I have read the dev mailing list archives and
> hear some talk about SSL, is this a real goal for 3.2 or just a wishing
> point.  While I can get SSL with Apache and Tomcat I would prefer just
> Tomcat since I do not need a heavy weight Web Server and the additional
> complication it brings to the project.  While I have the Sun JCE and could
> modify the code from 3.1, I am not near as familiar with the internal code
> as the members of this group.  Yet, having SSL is a real need for this
> project.  So, if there is anything I can help with to further this part of
> Tomcat, please ask.
> Some ideas I would like to see in Tomcat.
> Http (80)  - Standard Class path;   (Mostly my login screens)
> Https (443) - Separate Class path; or some external way to prevent
>                     particular classes from being available outside of SSL
> Running on the same computer.

View raw message