tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Russell <jorus...@cisco.com>
Subject encrypt a single page
Date Tue, 13 May 2003 14:15:17 GMT
I have found the quote below in the SSL howto located at

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

This is _exactly_ what I want to do, (only encrypt a single page) but
can't for the life of me figure out how to _only_ encrypt that page and
no others after it. 

I understand how to check the incoming scheme from a jsp to determine
whether or not a request was made using https, but if it was and I want
to switch back to http how can I do that?  

I could paste a new url together and send a redirect, but how do I know
what ports are configured by the server as the secure and not secure
ports?  We are using non-standard ports so those are required parts of
the url. I get rashes when I hard code numbers into my code and a user
may change the ports in the Tomcat config file. 

So in summary, can anyone tell me the standard way to only use https on
a single page and then switch back to http.  Thanks for you time.




---------------------------------------------------
Quote:

It is not strictly necessary to run an entire web application over SSL,
and indeed a developer can pick and choose which pages require a secure
connection and which do not. For a reasonably busy site, it is customary
to only run certain pages under SSL, namely those pages where sensitive
information could possibly be exchanged. This would include things like
login pages, .... Any page within an application can be requested over a
secure socket by simply prefixing the address with https: instead of
http:. Any pages which absolutely require a secure connection should
check the protocol type associated with the page request and take the
appropriate action of https is not specified.

----------------------------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message