Mark,
Thanks for the reply. Sorry it took me a bit to get back to you on this.
Comments inline.
>>OK. I see this as just being a password that is so long that it has
>>to be written down (e.g. on the USB key) and physically carried around
>>by the user. There is an interesting debate here as to
Hi Mark,
Thanks for your comments. My responses inline.
>1. Your reference to sending an encrypted user certificate file to the
>server demonstrates a lack of understanding of PKI that undermines my
>confidence that you know what you are doing when it comes to security.
I think I wasn't being
Hi,
I've been working on some code for Form authentication in Tomcat that I think
you all might be interested in. In addition to implementing the current
J2EE/Servlet spec for authentication (i.e. j_security_check with two keys:
j_username, j_password authenticated with the Realm), it also off