You need to look at the user-data-constraint section of your web.xml. Basically it can allow you to control how the server transmits the authentication information.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html?page=2 Search down for Enforcing SSL Jim Clayson wrote: > Hi, > > Should it be common practice to send login details (username + > password) via SSL? I'll be using form-based authentication and was > wondering about how to beef up the security of transmitting username > and password over http. > > If so how is this generally achieved ie how would one specify that all > logins should be marked as CONFIDENTIAL? > > Thanks > Jim > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
