You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by faisal shabbir <fa...@hotmail.com> on 2002/12/03 06:49:25 UTC

query







Hi,
   I have just implemented ssl on tomcat4.0 by using jsse. Now
on running my application i found that ssl is working on all of the  pages. 
Problem is that i want ssl to work on the pages that contains sensitive 
information. How can i turn ON and OFF ssl on jsp pages.

Thanks.




> >
> > _________________________________________________________________
> > The new MSN 8: smart spam protection and 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >


_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: query

Posted by Martin Jacobson <ma...@libero.it>.

faisal shabbir wrote:
> 
> Hi,
>   I have just implemented ssl on tomcat4.0 by using jsse. Now
> on running my application i found that ssl is working on all of the  
> pages. Problem is that i want ssl to work on the pages that contains 
> sensitive information. How can i turn ON and OFF ssl on jsp pages.
> 

You really don't want to do this! Apart from securing the 'visible' data 
passing between the client and the server, SSL also secures the session 
id. Once a hacker has got the session id, he can masquerade as the 
client. Probably not what you want :-)

HTH,
Martin

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>