Posted to users@tomcat.apache.org by VAN DER MARLIERE FREDERIC <fr...@cdn.fr> on 2005/01/12 12:03:58 UTC

Authentication - Best practice

Hi all.

For the web-application I'm developing, I need the user to authenticate
himself.
I read the Tomcat documentation and found the realms.
My question is: are there best practices on how to use realms?

Thanks.
Fred.


----------------------------------------------------
This message and any attachments ( the "message") are confidential and intended solely for the addressees.
Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration.
Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
----------------------------------------------------


Re: Authentication - Best practice

Posted by PA <pe...@gmail.com>.
On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote:

> My question is: are there best practices on how to use realms?

RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication

http://www.faqs.org/rfcs/rfc2617.html

In a nutshell, neither Basic nor Digest offers much in terms of 
"security". That said, Basic is usually "good enough" for casual access 
control.

An easy way to enhance the security level is to run the above over TLS. 
Perhaps even leveraging client side certificates if necessary.

In any case, the main question is: WYTM?

http://iang.org/ssl/wytm.html

Cheers,


--
PA
http://alt.textdrive.com/


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
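
The "Basic over TLS" suggestion in the reply above, sketched as a deployment descriptor. This is an added example, not part of the original thread; the role name, URL pattern and realm name are assumed values.

```xml
<!-- WEB-INF/web.xml fragment (elements go inside <web-app>, in this order). -->
<!-- Role name, URL pattern and realm name are assumed values. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <!-- No <http-method> listed, so the constraint covers every method. -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Must match a role the configured Realm assigns to the user. -->
    <role-name>appuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Weak: NONE (the default when this element is omitted) lets the
         base64-encoded Basic credentials travel over plain HTTP.
         CONFIDENTIAL makes the container require an encrypted transport;
         Tomcat redirects plain-HTTP requests to the connector's redirectPort. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example Application</realm-name>
</login-config>

<security-role>
  <role-name>appuser</role-name>
</security-role>
```

The transport guarantee only takes effect when an SSL/TLS connector is configured in server.xml.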


RE: Authentication - Best practice

Posted by Rajaneesh <ra...@slk-soft.com>.
Try http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html for
Simple Authentication.
Is there any reason why you are going to Realm specifically? If
application security is the least of concerns then it would be OK.
Otherwise it would be better to go for another security solution.

Regards
Rajaneesh


