Use SSL with Form Based AUTH. Then all traffic is SSL protected.
Dave Naden wrote:
I can set up Tomcat's authentication fine, either basic (or digest) or form-based. Everything I read seems to prefer form-based, because you can customize the screen. However, basic as least encrypts the userID/password, and digest does that even better. But form-based just sends these thing as clear text, does it not? Isn't this an argument against form-based authentication for a simple web app?
-Dave Naden
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
