Hello, What kind of security risks are there if I use tomcat over https (http connector is disabled).
Would it be ok to assume that nobody can listen traffic between tomcat and browser? I do not pass any confidential information as url parameters (ie. all forms are using post method). Is it still possible to (somehow) steal session info and act as somebody else? with best wishes, Taavi -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>