tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fisher, Mitchell L" <Mitchell.Fis...@unisys.com>
Subject RE: session hijacking again
Date Wed, 31 Jan 2007 00:32:57 GMT
> Without SSL, though, remember that anyone who is capable of hijacking
> the session is probably also capable of sniffing your users'
> credentials. What are the implications of that? If it is unacceptable
to
> have your credentials go over the network in cleartext, then you will
> simply have to break down and use SSL.

How practical is it to use NTLM authentication w/ Tomcat?  And if not
NTLM, then Digest Authentication, while not as strong as NTLM, is
supported by Tomcat.  Either prevents transmission of credentials in
clear text.

Mitchell Fisher 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message