On Fri, 26 Oct 2001, Taavi Tiirik wrote:
> Date: Fri, 26 Oct 2001 17:16:19 +0200
> From: Taavi Tiirik <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: switch between http and https. how?
>
> > > I have Tomcat 4 running fine with both http and https protocols.
> > > I would like to use http for serving most of the documents and
> > > only j_security_check (form based login) should be done over
> > > https. How can I configure this?
> > >
> >
> > There is no way to configure this.
>
> Thanks, Craig!
>
> Now I am a bit lost. Would it make sense then to have a whole
> site served over https?
If you are concerned about someone hijacking your session, that's pretty
much the only choice.
> What are the best practices of
> secureing login information as well as session id cookie?
>
> with best wishes,
> Taavi
>
>
>
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
