Authentication - Best practice

2005-01-12 Thread VAN DER MARLIERE FREDERIC
Hi all. For the web-application I'm developing, I need the user to authenticate himself. I read tomcat documentation and found the realms. My question is: are there best practices on how to use realm? Thanks. Fred.

RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
Rajaneesh -Original Message- From: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 4:34 PM To: tomcat-user@jakarta.apache.org Subject: Authentication - Best practice Hi all. For the web-application I'm developing, I need the user to authenticate himself

RE: Authentication - Best practice

2005-01-12 Thread Quinten Verheyen
What's insecure about using a realm? Security level is dependent on the realm type (e.g. jdbc/jndi can be used too), no? -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:13 To: 'Tomcat Users List' Subject: RE: Authentication - Best practice

RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
List Subject: RE: Authentication - Best practice What's insecure about using a realm? Security level is dependent on the realm type (e.g. jdbc/jndi can be used too), no? -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:13 To: 'Tomcat Users List

RE: Authentication - Best practice

2005-01-12 Thread Rajaneesh
Ok! I found the link... It is here. java.sun.com/developer/Books/certification/scwcd_9.pdf Regards Rajaneesh -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 12, 2005 4:57 PM To: 'Tomcat Users List' Subject: RE: Authentication - Best practice Hi

RE: Authentication - Best practice

2005-01-12 Thread Quinten Verheyen
need it. ps thank you for the link -Original Message- From: Rajaneesh [mailto:[EMAIL PROTECTED] Sent: 12 January 2005 12:29 To: 'Rajaneesh'; 'Tomcat Users List' Subject: RE: Authentication - Best practice Ok! I found the link... It is here. java.sun.com/developer/Books

Re: Authentication - Best practice

2005-01-12 Thread Nikola Milutinovic
Rajaneesh wrote: Hi, It uses Base64 for sending the data. Heard that Base64 data is easily compromised compared to SSL. Please correct me if I am wrong. You are not wrong. HTTP Basic authentication uses base64 encoding of user credentials. base64 is encoding, not encrypting. The only thing

Re: Authentication - Best practice

2005-01-12 Thread PA
On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote: My question is: are there best practices on how to use realm? RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication http://www.faqs.org/rfcs/rfc2617.html In a nutshell, neither Basic nor Digest offers much in terms of

Re: Authentication - Best practice

2005-01-12 Thread PA
On Jan 12, 2005, at 13:04, Nikola Milutinovic wrote: SSL is encryption using asymmetric+symmetric encryption. Asymmetric is used for the initial handshake/negotiation (usually RSA) and symmetric is for the channel traffic encryption (usually 3DES). You can also use TLS for authentication purpose