-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Timothy,
On 6/4/12 7:11 PM, Timothy J Schumacher wrote: > Yes, this is way better-Thanks! I guess I wasn't realizing that > forcing clients to use https implies "transport confidential" > without actually configuring transport confidential in the > web.xml. <transport-guarantee>CONFIDENTIAL</transport-guarantee> is really so the webapp can declare that it needs the container to protect its communication. This allows a webapp to be deployed without the (human) container operator having to understand all the needs of the webapp. If you are both developer (of the webapp) and operator (of the container) you are free to enforce the rules however you see fit. If it were me, I'd leave the CONFIDENTIAL in web.xml just in case you re-locate the webapp somewhere else where the container operator doesn't know about this little trick you are implementing right now. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/OGOIACgkQ9CaO5/Lv0PCsKgCeMBn4PwwaG2pUJ8j6BbNguYTj AIoAoML5Zh7mVwXzdsPjNstDkDOCQYiO =xQFf -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
