It doesn't hurt
-Tim
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tim,
>
> Tim Funk wrote:
>> <security-constraint> only works to say I want pages to be encrypted.
>> Not the latter.
>
> Oh, of course. I hadn't really thought of that ;)
>
>> The typical complaint is a developer wishes to encrypt the login process
>> and nothing else. <security-constraint> only guarantees that your pages
>> are secure - but does nothing to get you away from ssl.
>
> Would you say it's worth it to use a <security-constraint> +
> CONFIDENTIAL for those pages that are important to be secure (as a
> sanity check)?
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|