einojah,

einojah wrote:
> I have an admin area in my application I want to secure. 
> I know I can define a security constraint to set a basic or digest
> authentication for a URL pattern.
> 
> But, I don't want the /admin area to be shown outside at all.

What do you want the behavior to be when someone tries to access an
/admin URL from the outside?

> The basic
> authentication is extremely weak and digest auth. also doesn't provide
> enough security. 

Why won't digest auth provide enough security for you? Have you
considered form-based auth over SSL?

> Is it possible to "hide" a URL pattern on the outside, but have it
> available when accessing from the server machine? 

There are ways to do this, but the best way depends on what you want to
actually happen when someone requests a URL from /admin. So, let me know
and I'll make a recommendation.

-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org