A bheja

Greenhorn
+ Follow
since Mar 17, 2009
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by A bheja

I have been looking for this information as well. I am now able to allow/block extensions through <security-constraint> but am not able to pick and chose secure/non-secure pages. I found a lot of pages that confirms you can do it but none that has any specific examples. I have been reading about rewrite rules but have not been able to located anything related to our topic.

Please let me know if you have found something.

Thanks!

"For a reasonably busy site, it is customary to only run certain pages under SSL, namely those pages where sensitive information could possibly be exchanged. This would include things like login pages, personal information pages, and shopping cart checkouts, where credit card information could possibly be transmitted. Any page within an application can be requested over a secure socket by simply prefixing the address with https: instead of http:. Any pages which absolutely require a secure connection should check the protocol type associated with the page request and take the appropriate action if https is not specified."
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
15 years ago