tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: HTTPS to HTTP
Date Fri, 10 Jan 2003 02:05:30 GMT


On Fri, 10 Jan 2003, Joel Rees wrote:

> Date: Fri, 10 Jan 2003 10:56:37 +0900
> From: Joel Rees <joel@alpsgiken.gr.jp>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Subject: Re: HTTPS to HTTP
>
> > I don't think that performance is a reason to keep
> > the session after a switch because in the most
> > applications the amount of protocol switches is
> > quite small when compared to the total number of
> > requests within one protocol.
>
> A possibly stupid question -- is it possible to send graphics raw and
> text encrypted?
>

Sure ... make your <img src="..."> URLs in the encrypted pages point at
absolute "http:" (not "https:") URLs of where the images are.

> (This could leave a trap for obscurationists who send confirmation codes
> as images, of course.)

If you're going to switch from https->http, you are totally wasting your
time messing with https in the first place.  It buys you nothing except a
*perception* that you are more secure -- that is not the reality.

>
> --
> Joel Rees <joel@alpsgiken.gr.jp>
>

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message