tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From footh <fo...@yahoo.com>
Subject Re: SSL and form-based login
Date Wed, 24 Nov 2004 04:29:35 GMT
You mean something along the lines of having code on
the top of each page that checks the protocol and
redirects if necessary?

Or is it something a little lower level, perhaps in
the Tomcat configuration or similar to an ASAPI
filter?

Pardon my ignorance but Tomcat is all new to me...I
previously had only worked with IIS.

--- Carl Howells <chowells@janrain.com> wrote:

> footh wrote:
> > Now that I think about it, most (if not all) of my
> > non-SSL links are in include files.  So, it is
> easy
> > enough to just place the full link in there.  What
> > bugs me is I've seen other sites with relative
> links
> > on SSL pages that go to the non-SSL version (even
> when
> > you hover over the link and your browser claims it
> is
> > going to https).  Using full links will be a pain
> too
> > for maintaining production and development
> > environments.  Ugh...
> > 
> 
> It's easy enough to write a filter that notices
> https requests for 
> resources that don't need to be protected, and
> redirects them to http. 
> That kind of thing is certainly what the sites you
> mention are doing.
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> 
> 



		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message