And what happens with the user session ??? Every single
page a verify if the user session is Ok, if not I have to
redirect him to the login page. But if I do what you are
saying I will lost the user session.
Junior
On Fri, 9 Aug 2002 09:08:22 -0500
"Durham David Cntr 805CSS/SCBE"
<[EMAIL PROTECTED]> wrote:
>Why don't you just build your redirect after they log in.
>
>
> response.sendRedirect("http://"; + request.getHostName() +
> "/myApp/home.jsp");
>
>
>
>
>> -----Original Message-----
>> From: Drinkwater, GJ (Glen)
> [mailto:[EMAIL PROTECTED]]
>> Sent: Friday, August 09, 2002 8:52 AM
>> To: 'Tomcat Users List'
>> Subject: RE: SSL just for a login page
>>
>>
>> Hi
>>
>> I am not am expert in the security of the web at the
> moment.
>> Could you explain to me why this would open such a big
>> secuirty hole from
>> swapping from https to https.
>>
>> I was suggesting this because it read this i a
> 'professional
>> j2ee' book?!!
>>
>> The problem i have is that i need the username and
> password
>> to be encrypted
>> but i have heard that ssl hits performance quite badly!!
> I
>> dont think that
>> i could handle filtering, so what do you suggest for the
> security??
>>
>> What is the 'norm' for these such problems.
>>
>> Thanks Glen.
>>
>>
>> --
>> To unsubscribe, e-mail:
><mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>--
>To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
-----------------------------------------
Prefiro as lágrimas da derrota
do que a vergonha de não ter lutado...
Willan Brook
-----------------------------------------
________________________________________________
Don't E-Mail, ZipMail! http://www.zipmail.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
