tomcat-users mailing list archives

From Erik Price
Subject Re: forwarding to j_security_check?
Date Tue, 15 Apr 2003 21:31:05 GMT

Mark R. Diggory wrote:
> I guess what I'm suggesting is that you're sending a redirect response to 
> the browser with the user's password parameterized in it, I also suspect 
> it would be exposed on the address bar if you stop the redirect from 
> occurring, this is exposing the user's password over the network (possibly 
> after working very hard to secure it with digest and ssl) and is not a 
> very secure thing to do. This is why I was looking for a forwarding 
> strategy that would stay within the server itself.

If you are using ssl, wouldn't this response be encrypted as well?

