We have an internal site that uses basic authentication and is backed by LDAP. However, we would like to move to a more secure solution that uses a login page instead of the browser prompt for entering userid/password. We switched to using form authentication, but it passes credentials as tokens in the session. Is there a more secure option besides basic and form authentication? Also, we would like for authentication to be done by the Apache web server and passed to Tomcat.

Thanks in advance for any assistance.

Jay Leggett