tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Recognizing certificate removal (SmartCard)
Date Wed, 05 Dec 2012 16:07:32 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 12/5/12 3:12 AM, André Warnier wrote:
> Other than that, and without any pretense at offering a "solution"
> to the present issue, maybe this is the point where one needs to
> step back and ask oneself if this is really a problem of the
> application.

You're right: this is not a problem of the "application" (at least,
not the web application itself). Unfortunately, it's an operation
requirement which means it must be solved *somewhere*.

At this point, we're way off-topic where Tomcat is concerned. ;)

> If the environment is such that it is a concern that one might
> login using a card, then remove the card and walk away, leaving
> the workstation logged-in and a session open with some
> security-conscious application, for someone else to use at will,
> then maybe this is not a problem of the application at the other
> end, but a problem with the environment ? What for example if that
> same person walks away while leaving their card in the reader ?

Court martial. :)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC/cUQACgkQ9CaO5/Lv0PAXGQCdGPdtFnEl8Cz0zpk9m9+GXMmc
Ms4Aniaxee53v/UY2ZGx8mFYd/CtlI3Z
=mHTz
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message