It doesn't hurt
-Tim
Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim,
Tim Funk wrote:
<security-constraint> only works to say I want pages to be encrypted.
Not the latter.
Oh, of course. I hadn't really thought of that ;)
The typical complaint is a developer wishes to encrypt the login process
and nothing else. <security-constraint> only guarantees that your pages
are secure - but does nothing to get you away from ssl.
Would you say it's worth it to use a <security-constraint> +
CONFIDENTIAL for those pages that are important to be secure (as a
sanity check)?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]