[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Authentication options besides basic

Basic authentication within SSL connection is actually pretty secure, but not very user-friendly. For instance, digest authentication is actually less secure, because it forces you to store passwords in plaintext.

Form authentication, like everything inside the webpage, is better be left to a layer above the web server. If you don't like basic authentication, you probably need to implement authentication as part of your Tomcat application.

With Best Regards,
Marat Khalili

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx