You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jim Clayson <ji...@btopenworld.com> on 2002/08/28 15:00:05 UTC
sending login credentials using SSL
Hi,
Should it be common practice to send login details (username + password)
via SSL? I'll be using form-based authentication and was wondering about
how to beef up the security of transmitting username and password over http.
If so how is this generally achieved ie how would one specify that all
logins should be marked as CONFIDENTIAL?
Thanks
Jim
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: sending login credentials using SSL
Posted by Ben Walding <be...@walding.com>.
You need to look at the user-data-constraint section of your web.xml.
Basically it can allow you to control how the server transmits the
authentication information.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html?page=2
Search down for
Enforcing SSL
Jim Clayson wrote:
> Hi,
>
> Should it be common practice to send login details (username +
> password) via SSL? I'll be using form-based authentication and was
> wondering about how to beef up the security of transmitting username
> and password over http.
>
> If so how is this generally achieved ie how would one specify that all
> logins should be marked as CONFIDENTIAL?
>
> Thanks
> Jim
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>