I'm not a security export either, but SSL for logging in seems like a good idea. There is a SourceForge project http://sslext.sourceforge.net/ that extends Struts to add SSL. I'm wondering if the same can be done with WebWork somehow (primarily WebWork 2).
Perhaps a secure or ssl attribute could to added like so. <action name="com.company.LoginAction" alias="login"> <view name="success" ssl="true">login.vm</view> </action> All that would need to happen is the link is switched from http:// to https://. Cameron ----- Original Message ----- From: "Pat Lightbody" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Re: [OS-webwork] SSL Actions Date: Tue, 24 Jun 2003 15:13:58 -0700 Reply-To: [EMAIL PROTECTED] I know I am a security idiot, so I can't really help you out here. But please keep me posted with whatever you find, that way we can document it :) -Pat ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 24, 2003 10:16 AM Subject: [OS-webwork] SSL Actions > What are the general approaches for integrating SSL with WebWork? I would like a couple of actions dealing with user authentication and administration with SSL. At what layer do I force the web application to use an https connection? In the deployment descriptors, in a servlet filter, in a WebWork 2 interceptor, or in something else? > > Thanks, > Cameron ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
