tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Santos, Paulo" <>
Subject SSL login page question
Date Mon, 28 Nov 2005 18:09:16 GMT


I have a form based login page and I want to make sure that HTTPS is
always used when logging in. But the catch is that the URL the user is
trying to go to may not be using HTTPS but HTTP. We just want to make
sure that the user logs into the web app using SSL always. The security
constraint for the login page is CONFIDENTIAL.  Is there any way to
ensure that the user logs in using SSL even though the URL they want to
go to uses HTTP?


Thanks in advance I'd appreciate any help,






User wants to go to http://someHostName/index.jsp


The login page comes up.


The user logs in and goes to the URL listed above.


I need to make sure that the login name and password are encrypted when
they submit the login data.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message