tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: running tomcat6 under a different user than root (debian)
Date Mon, 01 Nov 2010 14:40:56 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Darryl,

On 10/29/2010 9:19 AM, Darryl Lewis wrote:
> Are you serious?
> 
> Why do we bother with SSL then?  Lets just send everything in clear text...

You might be misunderstanding the way that SSL works if you think these
two are comparable. A simple database credential system using a username
and password is much different than SSL, which uses asymmetric keys to
negotiate a symmetric key during the handshake. The symmetric key
(analogous to the username/password pair above) is always sent via an
encrypted channel and never plaintext.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzO0XgACgkQ9CaO5/Lv0PDB9QCgv0qNLPwg50bpK+OWh11Gq5Qh
1AUAn3mP4Rt6YFao3CXsde+62z/rFoZP
=lTNZ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message