For stress testing use Apache JMeter. good luck Richard
Drinkwater, GJ (Glen) wrote: >Yes, you are probably right, I will have to use ssl. > >Does anybody know of some good stress testing free software??? > >How does this sound. > >1)User logs on and username and password send over ssl. password md5 hashed >and compared against users on a database. >2)If valid user logs on, if not user sent to error page. >3) rest of session ssl. > >if database compromised, hash value would be no use??????? > >Lastly, how do i enforce that the whole of the web site must be over ssl, >except the initial welcome page so the user doesn't have to type in port >numbers > >is it something like this in the web.xml file. > ><security-constraint> > <web-resource-collection> > <web-resource-name>***</web-resource-name> > <url-pattern>/index.html</url-pattern> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>NONE</transport-guarantee> > </user-data-constraint> ></security-constraint> > ><security-constraint> > <web-resource-collection> > <web-resource-name>***</web-resource-name> > <url-pattern>/*</url-pattern> //or will this overwrite the >index.html > > <url-pattern>/*jsp</url-pattern> //should it be like this > <url-pattern>/data/*</url-pattern> > <url-pattern>/etc/*</url-pattern> //etc > <http-method>GET</http-method> > <http-method>POST</http-method> > </web-resource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> ></security-constraint> > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>