-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim,
Tim Funk wrote: > <security-constraint> only works to say I want pages to be encrypted. > Not the latter. Oh, of course. I hadn't really thought of that ;) > The typical complaint is a developer wishes to encrypt the login process > and nothing else. <security-constraint> only guarantees that your pages > are secure - but does nothing to get you away from ssl. Would you say it's worth it to use a <security-constraint> + CONFIDENTIAL for those pages that are important to be secure (as a sanity check)? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhVQY9CaO5/Lv0PARAtzDAKCBQEVY3aiyMDbIfQlAfLJ1lSD1ngCfRb59 BxjwCTpQDESIf4cxKXlJ5CE= =oq6f -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
