Actually, if you use SSL at all, you need to use if from the
beginning to the end of the session. Otherwise all of the value of
SSL is lost once the user begins transmitting his session tokens
(JSESSIONID) across an insecure link.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Here in
PROTECTED]
Sent by: [EMAIL PROTECTED]
05/18/2007 08:11 AM
Please respond to
discussion@acfug.org
To
discussion@acfug.org
cc
Subject
Re: [ACFUG Discuss] problem with session variables (i think) - DISREGARD I
SOLVED IT
Actually, if you use SSL at all, you need to use if from the beginning
Please respond to
discussion@acfug.org
To
discussion@acfug.org
cc
Subject
Re: [ACFUG Discuss] problem with session variables (i think) - DISREGARD I
SOLVED IT
No, because if you login and then switch to plain HTTP, what is to prevent
me from stealing your session token at that point
You can generate certs through keytool, part of the JDK.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Dissent is the purest form of patriotism.
--Thomas Jefferson
On May 18, 2007, at 9:53 AM, Mischa Uppelschoten ext 10 wrote:
: 2. On my local server these are the same because I
: 2. On my local server these are
the same because I don't have SSL set
up.: That's why it works fine there.
I had the same issue and I "resolved
it" by exporting my certificate from production
onto my test server. The browser will throw
and error message saying that the certificate
To
discussion@acfug.org
cc
Subject
Re: [ACFUG Discuss] problem with session variables (i think) -
DISREGARD I SOLVED IT
Actually, if you use SSL at all, you need to use if from the
beginning to the end of the session. Otherwise all of the value of
SSL is lost once the user begins