-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mitchell,
Fisher, Mitchell L wrote: >> Without SSL, though, remember that anyone who is capable of hijacking >> the session is probably also capable of sniffing your users' >> credentials. What are the implications of that? If it is unacceptable > to >> have your credentials go over the network in cleartext, then you will >> simply have to break down and use SSL. > > How practical is it to use NTLM authentication w/ Tomcat? I dunno. > And if not NTLM, then Digest Authentication, while not as strong as > NTLM, is supported by Tomcat. Either prevents transmission of > credentials in clear text. Fair enough, but John already pointed out that he will be using SSL for the login process, even though they do not use SSL for the user's entire session. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFv/N19CaO5/Lv0PARAv0yAJ4rhd4nUkyu0k9MOoBXcd9VyKDYQQCgs8u1 0HCzlbPYGP+4Q102PCRU3z4= =uND5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
