On Jan 12, 2005, at 13:04, Nikola Milutinovic wrote:
SSL is encryption using asymetric+symetric encryption. Asymetric is
used for the initial handshake/negotiation (usually RSA) and symmetric
is for the channel traffic encryption (usually 3DES).
You can also use TLS for authentication purpose w
On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote:
My question is: are there best pratice on how to use realm?
RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
http://www.faqs.org/rfcs/rfc2617.html
In a nutshell, neither Basic nor Digest offers much in terms of
"secu
Rajaneesh wrote:
Hi,
It uses Base64 for sending the data. Heard that Base64 data is easily
compramised compared to SSL.
Please correct me if I am wrong.
You are not wrong. HTTP Basic authentication uses base64 encoding of
user credentials. base64 is encoding, not encrypting. The only thing yo
velop "need" it.
ps thank you for the link
> -Original Message-
> From: Rajaneesh [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2005 12:29
> To: 'Rajaneesh'; 'Tomcat Users List'
> Subject: RE: Authentication - Best practice
>
>
>
&
Ok!
I found the link... It is here.
java.sun.com/developer/Books/certification/scwcd_9.pdf
Regards
Rajaneesh
-Original Message-
From: Rajaneesh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 4:57 PM
To: 'Tomcat Users List'
Subject: RE: Authentication - Best pra
List
Subject: RE: Authentication - Best practice
What's insecure about using a realm ?
Security level is dependant on the realm type (e.g. jdbc/jndi can be used
to), no ?
> -Original Message-
> From: Rajaneesh [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2005 12:13
> To: &
What's insecure about using a realm ?
Security level is dependant on the realm type (e.g. jdbc/jndi can be used to),
no ?
> -Original Message-
> From: Rajaneesh [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2005 12:13
> To: 'Tomcat Users List'
> Subject: RE:
Try http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html for
Simple Authentication.
Is there any reason why you are going to Realm specifically. If the
application security is
least of concern then it would be ok. Else it would be better to go for
other security soln.
Regards
Rajaneesh