tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joel Rees <j...@alpsgiken.gr.jp>
Subject Re: HTTPS to HTTP
Date Fri, 10 Jan 2003 01:51:42 GMT
> Thats is my exact situation. The sysadmin section of teh site is 100% https.
> but the on the user side there is nothing that sensitive and little harm
> they could be cause stealing someones session. It would not be worth going
> to the trouble of stealing the session for the benefit you would get.

But how does the intruder know in advance that there is nothing
valuable on the site? And what about the damage that could be done by a
l33t h4x0r d00d just out for a joy-ride? 

Mixing secure with insecure might be something of an attractive nuisance,
I'd think.

-- 
Joel Rees <joel@alpsgiken.gr.jp>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message