tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <>
Subject j_security_check only safe via ssl?
Date Tue, 16 Dec 2008 21:40:40 GMT
Hi there,

I'm just wondering one thing:

When using formbased authentication within Tomcat aka
j-security_check, the credentials are sent over the wire.

No problem when using SSL, however, when using a simple HTTP-request,
I figure that this scenario might be a security-issue.

Does anybody have a suggestion how to make such a login safe without
having to install an SSL-certificate?

How are you handling this? Is everybody using SSL at least for authentication?

Appreciate your comments on this!

just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message