-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern,
On 2/25/2010 2:11 AM, Cummins College wrote: > Actually we are designing a security layer over our web app. We want to give > the user an option of choosing between http or https on login. Hence the > need of changing from http to https or vice-versa at runtime. So, user A logs on and chooses HTTPS, switching the entire server over to HTTPS-only mode. Then, user B attempts to access the site using HTTP and the server wont pick up the phone. Brilliant. What happens if the server processes two requests at once: one for HTTP and one for HTTPS? You have a race condition for who wins at best and the possibility of disabling /both/ of your connectors, rendering your server inert. Why not simply allow users to use either HTTPS or HTTP at their leisure? You don't have to go turning connectors on and off for that kind of thing. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuG3CkACgkQ9CaO5/Lv0PCt0QCffnARFn+t5hYzBHhmIG9nQ6xG cCkAoKbocNkFcunuYzkjFJ+WotA5agBB =hA7E -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
