You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by faisal shabbir <fa...@hotmail.com> on 2002/12/03 06:49:25 UTC
query
Hi,
I have just implemented ssl on tomcat4.0 by using jsse. Now
on running my application i found that ssl is working on all of the pages.
Problem is that i want ssl to work on the pages that contains sensitive
information. How can i turn ON and OFF ssl on jsp pages.
Thanks.
> >
> > _________________________________________________________________
> > The new MSN 8: smart spam protection and 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: query
Posted by Martin Jacobson <ma...@libero.it>.
faisal shabbir wrote:
>
> Hi,
> I have just implemented ssl on tomcat4.0 by using jsse. Now
> on running my application i found that ssl is working on all of the
> pages. Problem is that i want ssl to work on the pages that contains
> sensitive information. How can i turn ON and OFF ssl on jsp pages.
>
You really don't want to do this! Apart from securing the 'visible' data
passing between the client and the server, SSL also secures the session
id. Once a hacker has got the session id, he can masquerade as the
client. Probably not what you want :-)
HTH,
Martin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>