Hi, We had a small web application on tomcat 5.5. We use tomcat realm (MD5 digest) with the form-based login. I have a few questions on this.
1. When we use http, does the form-based login page send the username and password plainly or in the digested form? 2. We set up the ssl in 8443 port. All links in our application are relative link without the specified scheme. So currently all the links (including login page) go either through normal http or encrypted https. Is there anyway to limit the ssl only for the login page alone and make sure login page always go through ssl? Rest pages are really fairly low-risk stuff and we do not worry about the leak on them. Our site (http://sulfite.lis.illinois.edu:8080/InformProjectDev, https://sulfite.lis.illinois.edu:8443/InformProjectDev) Thanks. Sincerely Zhu, Guojun --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
