The docs say you can change the location of the .keystore file. Where "should"
it go?
The docs show server.xml has it here: keystoreFile="${user.home}/.keystore"
That would be the root directory where tomcat is installed?
-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Wednesday, February 24, 2010 8:44 AM
To: Tomcat Users List
Subject: RE: Question about SSL
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Question about SSL
>
> 1. Request protected resource, non-CONFIDENTIAL 2. Tomcat responds
> with login page, login page is configured as CONFIDENTIAL
I can't remember if that works; it would only be useful if the resumed request
stayed with HTTPS. I've never found a case where encrypting the login without
encrypting the protected resource makes any sense.
> In this case, is the user redirected to the login page using SSL?
My recollection is that the login page is SSL, and the cookie is secure, but
I'd have to double-check. We've managed to convince people that a secure login
for unsecure resources is pretty much pointless.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
