Hi there, I'm just wondering one thing:
When using formbased authentication within Tomcat aka j-security_check, the credentials are sent over the wire. No problem when using SSL, however, when using a simple HTTP-request, I figure that this scenario might be a security-issue. Does anybody have a suggestion how to make such a login safe without having to install an SSL-certificate? How are you handling this? Is everybody using SSL at least for authentication? Appreciate your comments on this! Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
