If all access to your webapp is configured to require confidential data transport, then there should be no data in the clear. You should test that the browser does not leak the auth header to regular HTTP requests.
View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3891948#3891948
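One way to check the premise above, that all access really is configured for confidential transport, is to audit the deployment descriptor. This is an added example, not part of the original post; it assumes a Servlet 2.4 style `web.xml`, the sample descriptor is constructed, and only `CONFIDENTIAL` is treated as acceptable.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml (not from the post). Per the servlet spec, only the
# constraints on the best-matching url-pattern apply, and a constraint with
# no user-data-constraint accepts any connection type.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _texts(elem, name):
    """Text of every descendant called `name`, in any (or no) XML namespace."""
    return [(e.text or "").strip() for e in elem.findall(f".//{{*}}{name}")]

def audit_transport(web_xml):
    """Return findings; an empty list means every request is forced onto TLS."""
    root = ET.fromstring(web_xml)
    findings, catch_all = [], False
    for sc in root.findall(".//{*}security-constraint"):
        patterns = _texts(sc, "url-pattern")
        methods = _texts(sc, "http-method")
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings += [f"{p}: no CONFIDENTIAL transport-guarantee" for p in patterns]
        elif methods:
            findings += [f"{p}: only {'/'.join(methods)} forced to TLS" for p in patterns]
        elif "/*" in patterns:
            catch_all = True
    if not catch_all:
        findings.append("no CONFIDENTIAL constraint on /*: unlisted URLs accept plain HTTP")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_transport(SAMPLE_WEB_XML)))
```
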
