tomcat-users mailing list archives

From Erik Price <epr...@ptc.com>
Subject Re: forwarding to j_security_check?
Date Tue, 15 Apr 2003 21:31:05 GMT


Mark R. Diggory wrote:
> I guess what I'm suggesting is that you're sending a redirect response to 
> the browser with the user's password parameterized in it, I also suspect 
> it would be exposed on the address bar if you stop the redirect from 
> occurring, this is exposing the user's password over the network (possibly 
> after working very hard to secure it with digest and ssl) and is not a 
> very secure thing to do. This is why I was looking for a forwarding 
> strategy that would stay within the server itself.

If you are using ssl, wouldn't this response be encrypted as well?


Erik


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
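
Added example, not part of the original thread and not Tomcat code: a Python check for the pattern described in the quoted message, a redirect whose `Location` URL carries the password as a parameter. The function name, the set of parameter names (`j_password` is the servlet form-login field; the others are assumed common choices) and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credentials (assumption, extend as needed).
SENSITIVE = {"j_password", "password", "passwd", "pwd"}

def credential_params_in_redirect(raw_response):
    """Return names of credential parameters found in a 3xx Location header."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)  # e.g. ["HTTP/1.1", "302", "Found"]
    if len(parts) < 2 or not parts[1].isdigit():
        return []
    if not 300 <= int(parts[1]) < 400:
        return []  # only redirects hand the URL back to the browser
    location = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            location = value.strip()
            break
    if location is None:
        return []
    url = urlsplit(location)
    found = []
    # Query string and fragment both end up in the browser's address bar.
    # parse_qsl percent-decodes names, so j%5Fpassword is caught as well.
    for part in (url.query, url.fragment):
        for key, _ in parse_qsl(part, keep_blank_values=True):
            if key.lower() in SENSITIVE and key not in found:
                found.append(key)  # report the name only, never the value
    return found

# Constructed sample responses (not captured traffic).
REDIRECT_WITH_PASSWORD = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://app.example/j_security_check"
    "?j_username=alice&j_password=s3cret\r\n"
    "Content-Length: 0\r\n\r\n"
)
REDIRECT_CLEAN = "HTTP/1.1 302 Found\r\nLocation: /login.jsp\r\n\r\n"
OK_PAGE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<a href='?j_password=x'>"

if __name__ == "__main__":
    for sample in (REDIRECT_WITH_PASSWORD, REDIRECT_CLEAN, OK_PAGE):
        print(credential_params_in_redirect(sample))
```
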

