• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Question

 
deepa raj
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"You can make transmitted data confidential only after your application has verified the user�s password."

the above statement is true or false?
 
Anand Bhatt
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"You can make transmitted data confidential only after your application has verified the user�s password."

False.
As container first check the value for <transpost-guarantee> tag in web.xml .Only after any type of Authentication/Autorization.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using authentication and using HTTPS are independent of one another. It's perfectly fine to use HTTPS for communicating to an unauthenticated user.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic