I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because you can customize the screen. However, basic as least encrypts the userID/password, and digest does that even better. But form-based just sends these thing as clear text, does it not? Isn't this an argument against form-based authentication for a simple web app? -Dave Naden
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
