tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: How do I remove 'S' from HTTPS - JAAS configured on tomcat, JSF webapp
Date Wed, 02 Sep 2009 12:50:32 GMT
> From: Shantanu Upadhyaya [mailto:shantanu.u@gmail.com]
> Subject: How do I remove 'S' from HTTPS - JAAS configured on tomcat,
> JSF webapp
> 
> How do I remove HTTPS after logging in?

To quote Mark T:

"That is a really bad idea. If the threats to your system are such that
you need to protect the login process using SSL then you should be
providing the same level of protection for your session ID and running
everything post authentication over SSL."

Here's the whole thread:
http://marc.info/?t=125155237300001&r=1&w=2

 - Chuck
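
Added example, not part of the original message or of Tomcat: a small check that reads a webapp's `web.xml` and reports whether the SSL requirement (`transport-guarantee` of `CONFIDENTIAL`) covers the whole application or only some URLs such as the login page. The sample descriptors, the `/login.jsf` path and the function names are constructed for illustration, and the check assumes the constraints are not narrowed with `http-method` elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the login page is forced onto SSL.
LOGIN_ONLY = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login</web-resource-name>
      <url-pattern>/login.jsf</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

# Constructed sample: every URL of the webapp is forced onto SSL.
WHOLE_APP = LOGIN_ONLY.replace("/login.jsf", "/*")

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """Return the url-patterns covered by a CONFIDENTIAL transport-guarantee."""
    patterns = []
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) != "security-constraint":
            continue
        texts = {}
        for child in el.iter():
            texts.setdefault(local(child.tag), []).append((child.text or "").strip())
        if "CONFIDENTIAL" in texts.get("transport-guarantee", []):
            patterns += texts.get("url-pattern", [])
    return patterns

def audit(web_xml):
    """Classify a web.xml: 'whole-app', 'partial' or 'none' SSL enforcement."""
    patterns = confidential_patterns(web_xml)
    if "/*" in patterns:
        return "whole-app"
    return "partial" if patterns else "none"

if __name__ == "__main__":
    for name, doc in (("login only", LOGIN_ONLY), ("whole app", WHOLE_APP)):
        print(name, "->", audit(doc), confidential_patterns(doc))
```

A result of `partial` means the session ID issued at login can still travel over plain HTTP on the uncovered URLs, which is the situation the quoted advice warns against.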

