1 Reply Latest reply on Aug 28, 2005 12:45 PM by starksm64

question about web application with ssl and basic authentica

sviluppatorefico Aug 25, 2005 6:14 AM

I...i've configured tomcat with ssl support and my web application with transport-guarantee "CONFIDENTIAL". With this configuration when I go to http://localhost:8080/webapp, the server redirect me at https://localhost:8443/webapp. But before the redirect, I insert username and password through a "BASIC" authentication. I ask me if username and password are passed as crypted to the server because the padlock of the browser is activated only after the authentication

1. Re: question about web application with ssl and basic authen

starksm64 Aug 28, 2005 12:45 PM (in response to sviluppatorefico)

If all access to your webapp is configured to require confidential data transport, then there should be no data in the clear. You should test that the browser does not leak the auth header to regular http requests.
Actions