Security encompasses a bunch of different things -
authentication, access control, confidentiality, integrity, non-repudiation, etc
etc. SSL (at least currently) is primarily for confidentiality - servers are
always authenticated BUT clients are only _optionally_ authenticated. Unless you
set up client certificates, your application will definitely require BASIC or
FORM-based logins.
Arved
Sandstrom
|