tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: transport CONFIDENTIAL based on remote ip/host filter?
Date Tue, 05 Jun 2012 14:34:10 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Timothy,

On 6/4/12 7:11 PM, Timothy J Schumacher wrote:
> Yes, this is way better-Thanks!  I guess I wasn't realizing that
> forcing clients to use https implies "transport confidential"
> without actually configuring transport confidential in the
> web.xml.

<transport-guarantee>CONFIDENTIAL</transport-guarantee> is really so
the webapp can declare that it needs the container to protect its
communication. This allows a webapp to be deployed without the (human)
container operator having to understand all the needs of the webapp.
If you are both developer (of the webapp) and operator (of the
container) you are free to enforce the rules however you see fit.

If it were me, I'd leave the CONFIDENTIAL in web.xml just in case you
re-locate the webapp somewhere else where the container operator
doesn't know about this little trick you are implementing right now.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/OGOIACgkQ9CaO5/Lv0PCsKgCeMBn4PwwaG2pUJ8j6BbNguYTj
AIoAoML5Zh7mVwXzdsPjNstDkDOCQYiO
=xQFf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message