tomcat-users mailing list archives

From PA <petite.abei...@gmail.com>
Subject Re: Authentication - Best practice
Date Wed, 12 Jan 2005 12:15:20 GMT

On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote:

> My question is: are there best practices on how to use realm?

RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication

http://www.faqs.org/rfcs/rfc2617.html

In a nutshell, neither Basic nor Digest offers much in terms of 
"security". That said, Basic is usually "good enough" for casual access 
control.

An easy way to enhance the security level is to run the above over TLS. 
Perhaps even leveraging client side certificates if necessary.

In any case, the main question is: WYTM?

http://iang.org/ssl/wytm.html

Cheers,


--
PA
http://alt.textdrive.com/

