I do not know if I understand well but I can give my opinion.
Firts of all. What version of jdk are you using?. The virtual machine
of the browser has ssl support (I think) but if you are using Java Plug-In
at the cliente site it does not.
The posibility to set different communication mechanisms (SSL or not
SSL) in the same web server it depens on the web server: In Netscape for
example you have to install two web server instances (with different name)
and in Apache it is possible for diferent domains.
Related to the de-compiled question. As I know the decopiled tools
decompiles only class file and not values of variables on runtime. Then if
you store this value on runtime it is not possible to obtains this value.
On the other hand if you set a different flag (value) for different session
with timeout I think it will be enough it is not secure 100 % but it
depends on the important of the data that you are using. If you need a more
efficient security mechanism, for example you can use certificates ... But
it depends on the application, the scope ...
Good Luck
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
