tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nikola Milutinovic" <Nikola.Milutino...@ev.co.yu>
Subject Re: Security problem?
Date Fri, 07 Jun 2002 13:03:34 GMT
HTTPS Alone won't help much in the described szenario. 
HTTPS can't enshure that the user is not manipulating 
the request. To disable that you have to sign the data. 

I think it's better to use a complete different architecture.
If this has to be done with EJB as you suggest, a WebService 
over HTTPS or any other server2server communcationis a 
different topic)

---

Agreed.

Nix.
Mime
View raw message