Hi all.
For the web-application I'm developing, I need the user to authenticate
himself.
I read tomcat documentation and found the realms.
My question is: are there best practices on how to use realms?
Thanks.
Fred.
Rajaneesh
-Original Message-
From: VAN DER MARLIERE FREDERIC
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 4:34 PM
To: tomcat-user@jakarta.apache.org
Subject: Authentication - Best practice
Hi all.
For the web-application I'm developing, I need the user to authenticate
himself
What's insecure about using a realm?
Security level is dependent on the realm type (e.g. jdbc/jndi can be used too),
no?
-Original Message-
From: Rajaneesh [mailto:[EMAIL PROTECTED]
Sent: 12 January 2005 12:13
To: 'Tomcat Users List'
Subject: RE: Authentication - Best practice
List
Subject: RE: Authentication - Best practice
What's insecure about using a realm?
Security level is dependent on the realm type (e.g. jdbc/jndi can be used
too), no?
-Original Message-
From: Rajaneesh [mailto:[EMAIL PROTECTED]
Sent: 12 January 2005 12:13
To: 'Tomcat Users List
Ok!
I found the link... It is here.
java.sun.com/developer/Books/certification/scwcd_9.pdf
Regards
Rajaneesh
-Original Message-
From: Rajaneesh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 4:57 PM
To: 'Tomcat Users List'
Subject: RE: Authentication - Best practice
Hi
need it.
ps thank you for the link
-Original Message-
From: Rajaneesh [mailto:[EMAIL PROTECTED]
Sent: 12 January 2005 12:29
To: 'Rajaneesh'; 'Tomcat Users List'
Subject: RE: Authentication - Best practice
Ok!
I found the link... It is here.
java.sun.com/developer/Books
Rajaneesh wrote:
Hi,
It uses Base64 for sending the data. Heard that Base64 data is easily
compromised compared to SSL.
Please correct me if I am wrong.
You are not wrong. HTTP Basic authentication uses base64 encoding of
user credentials. base64 is encoding, not encrypting. The only thing
On Jan 12, 2005, at 12:03, VAN DER MARLIERE FREDERIC wrote:
My question is: are there best practices on how to use realms?
RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
http://www.faqs.org/rfcs/rfc2617.html
In a nutshell, neither Basic nor Digest offers much in terms of
On Jan 12, 2005, at 13:04, Nikola Milutinovic wrote:
SSL is encryption using asymmetric+symmetric encryption. Asymmetric is
used for the initial handshake/negotiation (usually RSA) and symmetric
is for the channel traffic encryption (usually 3DES).
You can also use TLS for authentication purposes