You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by jfc <jf...@btopenworld.com> on 2002/08/28 15:54:13 UTC

sending login details using SSL

Hi,

Should it be common practice to send login details (username + password) 
via SSL? I'll be using form-based authentication and was wondering about 
how to beef up the security of transmitting username and password over 
http.

I understand there is a transport-guarantee tag for use in web.xml. How 
would this generally be achieved ie how would one specify that all 
logins - regardless of which resource was requested, should be marked as 
CONFIDENTIAL?

Thanks
jfc



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>