Mark,
Thanks for the reply. Sorry it took me a bit to get back to you on this.
Comments inline.
OK. I see this as just being a password that is so long that it has
to be written down (e.g. on the USB key) and physically carried around
by the user. There is an interesting debate here as to

Hi,
I've been working on some code for Form authentication in Tomcat that I think
you all might be interested in. In addition to implementing the current
J2EE/Servlet spec for authentication (i.e. j_security_check with two keys:
j_username, j_password authenticated with the Realm), it also

Hi Mark,
Thanks for your comments. My responses inline.
1. Your reference to sending an encrypted user certificate file to the
server demonstrates a lack of understanding of PKI that undermines my
confidence that you know what you are doing when it comes to security.
I think I wasn't being