tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Old Chestnut (http - https) causing some confusion
Date Fri, 29 Jun 2007 18:54:36 GMT
It doesn't hurt

-Tim

Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Tim,
> 
> Tim Funk wrote:
>> <security-constraint> only works to say I want pages to be encrypted.
>> Not the latter.
> 
> Oh, of course. I hadn't really thought of that ;)
> 
>> The typical complaint is a developer wishes to encrypt the login process
>> and nothing else. <security-constraint> only guarantees that your pages
>> are secure - but does nothing to get you away from ssl.
> 
> Would you say it's worth it to use a <security-constraint> +
> CONFIDENTIAL for those pages that are important to be secure (as a
> sanity check)?
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message