You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Santos, Paulo" <ps...@empirix.com> on 2005/11/28 19:09:16 UTC

SSL login page question

Hi,

 

I have a form based login page and I want to make sure that HTTPS is
always used when logging in. But the catch is that the URL the user is
trying to go to may not be using HTTPS but HTTP. We just want to make
sure that the user logs into the web app using SSL always. The security
constraint for the login page is CONFIDENTIAL.  Is there any way to
ensure that the user logs in using SSL even though the URL they want to
go to uses HTTP?

 

Thanks in advance I'd appreciate any help,

 

Paulo

 

Example:  

 

User wants to go to http://someHostName/index.jsp

 

The login page comes up.

 

The user logs in and goes to the URL listed above.

 

I need to make sure that the login name and password are encrypted when
they submit the login data.