tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: where to set value of ALLOW_EQUALS_IN_VALUE property
Date Mon, 28 Jun 2010 19:47:18 GMT
> From: Julie Fellenz [mailto:julie.fellenz@doit.wisc.edu]
> Subject: Re: where to set value of ALLOW_EQUALS_IN_VALUE property
> 
> Will this property (ALLOW_EQUALS_IN_VALUE) still provide security
> required for confidential data?

If you're sending confidential data in a cookie over an unencrypted connection, then it's
not really confidential, is it?

If you are using an encrypted connection, then why does it matter where the parsing stops?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message