On Fri, 10 Jan 2003, Joel Rees wrote:
> Date: Fri, 10 Jan 2003 10:56:37 +0900 > From: Joel Rees <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: HTTPS to HTTP > > > I don't think that performance is a reason to keep > > the session after a switch because in the most > > applications the amount of protocol switches is > > quite small when compared to the total number of > > requests within one protocol. > > A possibly stupid question -- is it possible to send graphics raw and > text encrypted? > Sure ... make your <img src="..."> URLs in the encrypted pages point at absolute "http:" (not "https:") URLs of where the images are. > (This could leave a trap for obscurationists who send confirmation codes > as images, of course.) If you're going to switch from https->http, you are totally wasting your time messing with https in the first place. It buys you nothing except a *perception* that you are more secure -- that is not the reality. > > -- > Joel Rees <[EMAIL PROTECTED]> > Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
