• Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Question  RSS feed

 
deepa raj
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"You can make transmitted data confidential only after your application has verified the user�s password."

the above statement is true or false?
 
Anand Bhatt
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"You can make transmitted data confidential only after your application has verified the user�s password."

False.
As container first check the value for <transpost-guarantee> tag in web.xml .Only after any type of Authentication/Autorization.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using authentication and using HTTPS are independent of one another. It's perfectly fine to use HTTPS for communicating to an unauthenticated user.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!