tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett Knights" <br...@knightsofthenet.com>
Subject Re: Tomcat security.
Date Fri, 09 Mar 2001 19:30:12 GMT


> Date: Fri, 09 Mar 2001 16:21:43
> To: tomcat-user@jakarta.apache.org
> From: "Thomas O' Connor" <thepropheto@hotmail.com>
> Subject: Tomcat security.
> Message-ID: <F678VMb5UWgP1A83xiD00004642@hotmail.com>
>
> Does anyone know a simple way to encrypt information sent
> from a jsp page
> hosted on tomcat and then decrypt the info when it reaches
> the database(ms
> access).
> Any help appreciated.
> Tom.

Typically the information isn't sent from the jsp page it's sent by the client's browser.

If you are sending sensitive information as well as receiving it your simplest option is SSL
:-) It isn't that difficult to set up
considering the possible security holes or development overhead in the alternatives.

There are various applet/servlet methods that would allow you to encrypt two way communications
between the browser and Tomcat.

I believe there are also Javascript methods to do the same. The problem with those is they
don't work with Netscape (in my
experience you can't modify a hidden field on Netscape which would force you to fall back
to opening and populating a new browser
window (min size 100 x 100) with the encrypted data and then posting that.



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message