I am working on a Java/Struts application that uses Tomcat 6.0.10. It's a typical web application that allows users to edit some forms, and streams PDFs. Way back, we added:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>GeneralRequests</web-resource-name>
        <url-pattern>/WR1/*</url-pattern>
    </w...
Can I set Tomcat (or my webapp, if it's done that way) to require SSL for confidentiality of the built-in Form-Based Login mechanism?
I.e., to protect the users' credentials, and use standard HTTP for any other transactions?
...
I'm developing a journal web app and am trying to tackle what I foresee as the biggest problem - trusting me not to read other people's entries. The solution I have so far is:
User gives a secret key each time they log in. It is not stored with their user data and is only kept for the lifetime of the session.
Each entry the user writes ...