> Without SSL, though, remember that anyone who is capable of hijacking > the session is probably also capable of sniffing your users' > credentials. What are the implications of that? If it is unacceptable to > have your credentials go over the network in cleartext, then you will > simply have to break down and use SSL.
How practical is it to use NTLM authentication w/ Tomcat? And if not NTLM, then Digest Authentication, while not as strong as NTLM, is supported by Tomcat. Either prevents transmission of credentials in clear text. Mitchell Fisher --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
