I have a server running linux RH8, JDK1.4, Jboss 3.2.1(and its JAAS implement) and mysql. Remote users can login with name/pass, via HTTPS browser.

I wonder how secure it is. And what potential caveat it has?

Thanks~~~