http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security4.html Here, it says that
"Neither form-based authentication nor HTTP basic authentication is particularly secure. In form-based authentication, the content of the user dialog box is sent as plain text, and the target server is not authenticated. Basic authentication sends user names and passwords over the Internet as text that is uuencoded, but not encrypted. This form of authentication, which uses Base64 encoding, can expose your user names and passwords unless all connections are over SSL. If someone can intercept the transmission, the username and password information can easily be decoded."
How do you tackle this issue ?
Thanks
Devi