tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Russell <jorus...@cisco.com>
Subject Re: encrypt a single page
Date Tue, 13 May 2003 15:16:34 GMT
Just for my own piece of mind, can someone answer me this....

Is the question below 

a) so boneheaded that no one will waste the keystrokes to respond to it?

or

b) not possible, go become a florist, its easier on the eyes?

Thanks

On Tue, 2003-05-13 at 10:15, John Russell wrote:
> I have found the quote below in the SSL howto located at
> 
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
> 
> This is _exactly_ what I want to do, (only encrypt a single page) but
> can't for the life of me figure out how to _only_ encrypt that page and
> no others after it. 
> 
> I understand how to check the incoming scheme from a jsp to determine
> whether or not a request was made using https, but if it was and I want
> to switch back to http how can I do that?  
> 
> I could paste a new url together and send a redirect, but how do I know
> what ports are configured by the server as the secure and not secure
> ports?  We are using non-standard ports so those are required parts of
> the url. I get rashes when I hard code numbers into my code and a user
> may change the ports in the Tomcat config file. 
> 
> So in summary, can anyone tell me the standard way to only use https on
> a single page and then switch back to http.  Thanks for you time.
> 
> 
> 
> 
> ---------------------------------------------------
> Quote:
> 
> It is not strictly necessary to run an entire web application over SSL,
> and indeed a developer can pick and choose which pages require a secure
> connection and which do not. For a reasonably busy site, it is customary
> to only run certain pages under SSL, namely those pages where sensitive
> information could possibly be exchanged. This would include things like
> login pages, .... Any page within an application can be requested over a
> secure socket by simply prefixing the address with https: instead of
> http:. Any pages which absolutely require a secure connection should
> check the protocol type associated with the page request and take the
> appropriate action of https is not specified.
> 
> ----------------------------------------------------
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message