aspose file tools*
The moose likes Tomcat and the fly likes Need advice on setting tomcat to use https: for username and password web page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Need advice on setting tomcat to use https: for username and password web page" Watch "Need advice on setting tomcat to use https: for username and password web page" New topic
Author

Need advice on setting tomcat to use https: for username and password web page

Joe McTigue
Ranch Hand

Joined: Mar 05, 2012
Posts: 52
Hi,

I'm creating a webpage which will have a sign-in page.
but I'm not sure how to configure or do what ever is needed to have tomcat use https: over regular http: so
the users password and username are not listed in the url for all to see.

Any help on this will be greatly appreciated.
Thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

https will not hide anything that's on the URL; it will still be displayed for all to see. What SSL will do is to encrypt the value during transmission.

Why aren't you using a POST so that the values aren't on the URL?

That way SSL will protect the values during tansmission, and no one standing over your shoulder can see the values in the address bar of the browser.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Need advice on setting tomcat to use https: for username and password web page