But be aware that quite simple changes in the configuration of tomcat can lead to big security holes. Guess what happens if you or somebody else someday decides to switch from basic authentification to form authentifcation and the sysadmin visits the user side and somebody steals the sysadmins session ...)
> -----Original Message----- > From: David Hemingway [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 09, 2003 12:08 PM > To: Tomcat Users List > Subject: Re: HTTPS to HTTP > > Thats is my exact situation. The sysadmin section of teh site > is 100% https. > but the on the user side there is nothing that sensitive and > little harm they could be cause stealing someones session. > It would not be worth going to the trouble of stealing the > session for the benefit you would get. > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
