Hi, It uses Base64 for sending the data. Heard that Base64 data is easily compramised compared to SSL.
Please correct me if I am wrong. Regards Rajaneesh -----Original Message----- From: Quinten Verheyen [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 4:48 PM To: Tomcat Users List Subject: RE: Authentication - Best practice What's insecure about using a realm ? Security level is dependant on the realm type (e.g. jdbc/jndi can be used to), no ? > -----Original Message----- > From: Rajaneesh [mailto:[EMAIL PROTECTED] > Sent: 12 January 2005 12:13 > To: 'Tomcat Users List' > Subject: RE: Authentication - Best practice > > > Try > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html for > Simple Authentication. > Is there any reason why you are going to Realm specifically. If the > application security is > least of concern then it would be ok. Else it would be better > to go for > other security soln. > > Regards > Rajaneesh > > > > -----Original Message----- > From: VAN DER MARLIERE FREDERIC > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 12, 2005 4:34 PM > To: tomcat-user@jakarta.apache.org > Subject: Authentication - Best practice > > > Hi all. > > For the web-application I'm developping, I need the user to > authenticate > himself. > I read tomcat documentation and found the realms. > My question is: are there best pratice on how to use realm? > > Thanks. > Fred. > > > ---------------------------------------------------- > Ce message et toutes les pieces jointes (ci-apres le "message") sont > confidentiels et etablis a l'intention exclusive de ses destinataires. > Toute utilisation ou diffusion non autorisee est > interdite.Tout message > electronique est susceptible d'alteration. > Le CREDIT DU NORD et ses filiales declinent toute > responsabilite au titre de > ce message s'il a ete altere, deforme ou falsifie. > This message and any attachments ( the "message") are confidential and > intended solely for the addressees. > Any unauthorised use or dissemination is prohibited.E-mails > are susceptible > to alteration. > Neither CREDIT DU NORD nor any of its subsidiaries or > affiliates shall be > liable for the message if altered, changed or falsified. > ---------------------------------------------------- > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
