Hi, Should it be common practice to send login details (username + password) via SSL? I'll be using form-based authentication and was wondering about how to beef up the security of transmitting username and password over http.
I understand there is a transport-guarantee tag for use in web.xml. How would this generally be achieved ie how would one specify that all logins - regardless of which resource was requested, should be marked as CONFIDENTIAL? Thanks jfc -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
