tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Mon, 05 Nov 2007 07:42:15 GMT
---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
Now Tomcat is also a cool pojo application server
---------------------------------------------------------------------------

Just a note...

The way you are doing it, makes it difficult for normal people to get into 
the site, but a top calss hacker will get into your site unless you use SSL.

The big advantage of using DIGEST as you have done, is yes in makes normal 
people PAY to get info, but the main thing is that often users will use the 
same password they use to logon at work. ie their microsoft password.... and 
thats where DIGEST is very good.

So you giving your site a little protection, but more important, is you 
stopping a hacker from getting into everything else that use does.... like 
their bank account.

If this application has critical information moving over the wire... what 
you are doing is no good :(

Have fun.....


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message