Date: Fri, 10 Jan 2003 10:51:42 +0900
From: Joel Rees
To: "Tomcat Users List"
Subject: Re: HTTPS to HTTP

> That is my exact situation. The sysadmin section of the site is 100% https,
> but on the user side there is nothing that sensitive and little harm
> they could cause stealing someone's session. It would not be worth going
> to the trouble of stealing the session for the benefit you would get.

But how does the intruder know in advance that there is nothing valuable
on the site? And what about the damage that could be done by a l33t
h4x0r d00d just out for a joy-ride? Mixing secure with insecure might be
something of an attractive nuisance, I'd think.
--
Joel Rees