Ulf Dittmer wrote:Using HTTPS is largely independent of using authentication. The application will need to create appropriate absolute URLs with the desired protocol, though.
If you could please elaborate on this and how HTTPS is independent of using authentication.
Are you talking about the XML publishing framework? What does that have to do with any security aspects?Cocoon for example.
Also folks around talk about extending the container-managed authentication and do their own; like you said. This might be an option to go by. But it still not a trivial matter to decide the way to go.
You can use authentication with or without HTTPS. The two don't really have anything to do with each other.
Cocoon for example.
What I want to know here, is that if we don't use HTTS to transmit user authentication info, then what are other options are available for use in a web app.
Also, how much security we can obtain when using HTTS or other methods, in order to achieve a robust security system, with focus mostly on user Authentication.
HTTPS is used for encrypted web traffic, not for authentication. For authentication you have BASIC, DIGEST, FORM and CERTIFICATE.
I like tacos! And this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
|