RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
Try http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html for Simple Authentication. Is there any reason why you are going to Realm specifically? If the application security is the least of concerns then it would be OK. Else it would be better to go for another security solution. Regards

RE: Authentication - Best practice

2005-01-12 Thread Quinten Verheyen
What's insecure about using a realm? Security level is dependent on the realm type (e.g. jdbc/jndi can be used too), no? -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:13 To: 'Tomcat Users List' Subject: RE: Authentication - Best practice

RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
List Subject: RE: Authentication - Best practice What's insecure about using a realm? Security level is dependent on the realm type (e.g. jdbc/jndi can be used too), no? -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:13 To: 'Tomcat Users List

RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
Ok! I found the link... It is here. java.sun.com/developer/Books/certification/scwcd_9.pdf Regards Rajaneesh -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 4:57 PM To: 'Tomcat Users List' Subject: RE: Authentication - Best practice Hi

RE: Authentication - Best practice

2005-01-12 Thread Quinten Verheyen
need it. ps thank you for the link -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:29 To: 'Rajaneesh'; 'Tomcat Users List' Subject: RE: Authentication - Best practice Ok! I found the link... It is here. java.sun.com/developer/Books

Re: Authentication - Best practice

2005-01-12 Thread Nikola Milutinovic
Rajaneesh wrote: Hi, It uses Base64 for sending the data. Heard that Base64 data is easily compromised compared to SSL. Please correct me if I am wrong. You are not wrong. HTTP Basic authentication uses base64 encoding of user credentials. base64 is encoding, not encrypting. The only thing

Re: Authentication - Best practice

2005-01-12 Thread PA
On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote: My question is: are there best practices on how to use realm? RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication http://www.faqs.org/rfcs/rfc2617.html In a nutshell, neither Basic nor Digest offers much in terms of

Re: Authentication - Best practice

2005-01-12 Thread PA
On Jan 12, 2005, at 13:04, Nikola Milutinovic wrote: SSL is encryption using asymmetric+symmetric encryption. Asymmetric is used for the initial handshake/negotiation (usually RSA) and symmetric is for the channel traffic encryption (usually 3DES). You can also use TLS for authentication purpose