On 24 June 2016 11:51:25 BST, Lyallex <lyal...@gmail.com> wrote: <snip/> >However I can't get my head around your assertion that forcing the use >of TLS is a 'user data constraint'
Have a look in the Servlet specification for that phrase. I don't have a copy to hand right now but it will be in the security section. > but it appears that any attempted >discussion of design decisions is considered a criticism at least and >a personal insult at worst so I won't go there. Design discussions are fine but your (over) reaction to criticism you imagine you might receive gives your emails an unnecessarily aggressive tone. There are other places this configuration could go. The Context being the most obvious. However, given the existing relationship between Realm, security constraints and user data constraints, Realm seems more logical. It is also consistent with the general approach in Tomcat of placing configuration on the element that uses it rather having everything on the Context. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
