tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From August Detlefsen <augustd...@yahoo.com>
Subject Re: Force Non-SSL
Date Thu, 26 May 2005 00:43:27 GMT
Is there no way to do it? SSL creates a lot of overhead for a site that
is serving up 100MB image files. 




--- Tim Funk <funkman@joedog.org> wrote:
> no
> 
> -Tim
> 
> August Detlefsen wrote:
> > In my webapp I force clients to use SSL encryption for logins with
> a
> > security constraint and transport-guarantee elements like this: 
> > 
> >     <security-constraint>
> >       <web-resource-collection>
> >         <web-resource-name>Login</web-resource-name>
> >         <url-pattern>/login/*</url-pattern>
> >       </web-resource-collection>
> > 
> >       <user-data-constraint>
> >         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >       </user-data-constraint>
> >     </security-constraint>
> > 
> > However, once a user hits the login page, every subsequent page
> also
> > uses https. Is there a way to force them back to regular http once
> they
> > leave the login section? 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message