ints and that's
actually the reason for this email.
On Tue, Jun 21, 2011 at 1:25 PM, Mark Thomas wrote:
> On 21/06/2011 17:05, Rafael Liu wrote:
> > Hey Chris,
> >
> > as you said, each problem compromises different kinds of things: account vs
> > credentials. And
Jun 21, 2011 at 11:46 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
>
> Rafael,
>
> On 6/20/2011 8:12 PM, Rafael Liu wrote:
> > Good point Chuck. I agree with you, the webapp wouldn't be all se
--
Rafael Liu
+55 61 9608-7722
http://rafaelliu.net
e
> Firesheep extension for Firefox.
>
I am not trying to prevent session hijacking. That's not a requirement for
this system. The requirement is to secure the user password. I believe this
is a meaningful requirement.
> Cheers,
> André
>
> -Original Message-
>
On Jun 20, 2011 6:50 PM, "Caldarale, Charles R"
wrote:
>> From: Rafael Liu [mailto:rafael...@gmail.com]
>> Subject: Setting SSL for login pages
>
>> I think it would be natural something like this:
>
>>
>>
>> SSL login
>> /login/*
>>
r not.
As I see, the way it is, all authenticated pages must be set to CONFIDENTIAL
also (in case the user is not authenticated and ends up in the login page).
But if the user IS authenticated he is forced to use HTTPS too, and that I
was trying to avoid.
Am I missing something?