[EMAIL PROTECTED] wrote:
> Hello,
>
> I'm having some trouble configuring secure connections. I have 2 webapps that I
> deployed myself. One in /dspace and another one in /odin. I have set the
> transport-guarantee for both to INTEGRAL. I did this in their own
> web.xml-files. In both cases I used / as url-pattern.
> I have set the transport-guarantee for /manager to CONFIDENTIAL.
> I have set ciphers to (shortened) NULL_SHA and two others with encryption and
> authentication.
>
> When I browse the /dspace- and /odin-pages I get authentication and encryption,
> while I only would like to have authentication.
> Can anyone tell me/help me why I also get encryption in these cases?

The answer is simple, with SSL/TLS, there is no other way to guarantee
integrity of the transport, other than encrypting it. (All right, maybe
there is, but current implementations of HTTPS work this way). As for
authentication, it has got nothing to do with either INTEGRAL or
CONFIDENTIAL transport. It is a separate thing.

Authentication gives a means of establishing the trusted identity of a
user (checking if the ID given is authentic). It can be done via several
mechanisms, some of which are:
- HTTP Basic (user/pass in Base64 encoding)
- HTTP Digest (MD5 digest auth)
- HTTP SPNEGO (supported by MS IIS and Apache+mod_auth_krb/mod_spnego)
- Certificate (if a user has a personal certificate, it can be trusted
to have verified ID).
Nix.
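
Added example, not part of the original thread: a small Python audit of a deployment descriptor that reports the transport guarantee and the authentication settings side by side, showing that `user-data-constraint` and `auth-constraint`/`login-config` are configured independently. The descriptor, its URL patterns, the `admin` role and the `audit` helper are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (assumption: not the poster's real web.xml).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>site</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def audit(web_xml):
    """Return (auth_method, rows); each row is (url-pattern, guarantee, roles)."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
    auth_method = root.findtext("login-config/auth-method")
    rows = []
    for sc in root.iter("security-constraint"):
        # A missing user-data-constraint means no transport requirement.
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "NONE").strip()
        # Roles come from auth-constraint only; they do not depend on the guarantee.
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        for pat in sc.findall("web-resource-collection/url-pattern"):
            rows.append((pat.text.strip(), guarantee, roles))
    return auth_method, rows


if __name__ == "__main__":
    method, rows = audit(SAMPLE_WEB_XML)
    for pattern, guarantee, roles in rows:
        login = f"{method} for {roles}" if roles else "no login"
        print(f"{pattern:10} transport={guarantee:12} auth={login}")
```

In the sample, `/*` carries an INTEGRAL guarantee but no `auth-constraint`, so the container asks for no login there; only `/admin/*` combines a transport guarantee with a role check.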