-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darryl,
On 10/29/2010 9:19 AM, Darryl Lewis wrote: > Are you serious? > > Why do we bother with SSL then? Lets just send everything in clear text... You might be misunderstanding the way that SSL works if you think these two are comparable. A simple database credential system using a username and password is much different than SSL, which uses asymmetric keys to negotiate a symmetric key during the handshake. The symmetric key (analogous to the username/password pair above) is always sent via an encrypted channel and never plaintext. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzO0XgACgkQ9CaO5/Lv0PDB9QCgv0qNLPwg50bpK+OWh11Gq5Qh 1AUAn3mP4Rt6YFao3CXsde+62z/rFoZP =lTNZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org