Ah ok, in that case I'm not worried ;-) The security level aimed for should be dependant on the application/client types of the company, there are a lot of (mostly small) companies who do not want more security then HTTP Basic authentication simply because none of the applications they develop "need" it.
ps thank you for the link > -----Original Message----- > From: Rajaneesh [mailto:[EMAIL PROTECTED] > Sent: 12 January 2005 12:29 > To: 'Rajaneesh'; 'Tomcat Users List' > Subject: RE: Authentication - Best practice > > > > Ok! > > I found the link... It is here. > > java.sun.com/developer/Books/certification/scwcd_9.pdf > > Regards > Rajaneesh > > -----Original Message----- > From: Rajaneesh [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 12, 2005 4:57 PM > To: 'Tomcat Users List' > Subject: RE: Authentication - Best practice > > > Hi, > > It uses Base64 for sending the data. Heard that Base64 data > is easily > compramised compared to SSL. > > Please correct me if I am wrong. > > Regards > Rajaneesh > > -----Original Message----- > From: Quinten Verheyen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 12, 2005 4:48 PM > To: Tomcat Users List > Subject: RE: Authentication - Best practice > > > What's insecure about using a realm ? > Security level is dependant on the realm type (e.g. jdbc/jndi > can be used > to), no ? > > > -----Original Message----- > > From: Rajaneesh [mailto:[EMAIL PROTECTED] > > Sent: 12 January 2005 12:13 > > To: 'Tomcat Users List' > > Subject: RE: Authentication - Best practice > > > > > > Try > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html for > > Simple Authentication. > > Is there any reason why you are going to Realm specifically. If the > > application security is > > least of concern then it would be ok. Else it would be better > > to go for > > other security soln. > > > > Regards > > Rajaneesh > > > > > > > > -----Original Message----- > > From: VAN DER MARLIERE FREDERIC > > [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, January 12, 2005 4:34 PM > > To: tomcat-user@jakarta.apache.org > > Subject: Authentication - Best practice > > > > > > Hi all. > > > > For the web-application I'm developping, I need the user to > > authenticate > > himself. > > I read tomcat documentation and found the realms. > > My question is: are there best pratice on how to use realm? > > > > Thanks. > > Fred. > > > > > > ---------------------------------------------------- > > Ce message et toutes les pieces jointes (ci-apres le "message") sont > > confidentiels et etablis a l'intention exclusive de ses > destinataires. > > Toute utilisation ou diffusion non autorisee est > > interdite.Tout message > > electronique est susceptible d'alteration. > > Le CREDIT DU NORD et ses filiales declinent toute > > responsabilite au titre de > > ce message s'il a ete altere, deforme ou falsifie. > > This message and any attachments ( the "message") are > confidential and > > intended solely for the addressees. > > Any unauthorised use or dissemination is prohibited.E-mails > > are susceptible > > to alteration. > > Neither CREDIT DU NORD nor any of its subsidiaries or > > affiliates shall be > > liable for the message if altered, changed or falsified. > > ---------------------------------------------------- > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
