Also you better look into a client side applet for updating the password if you want to use a browser. If you pass the password info through the web then you defeat the entire purpose for using changepw. It's essentially insecure.Alex
Another option for Matthew is to choose https between browser and Tomcat. He should obviously use at least that. Or am I missing something?
Greetings from Hamburg,
Stefan
