"Sonny Sukumar" <ahimsadesi@(protected)
news:Law10-F68abixgsNbJW00008cde@(protected)...
>
> >From: "Bill Barker" <wbarker@(protected)>
>
> > >
> > > --I reconfigured the SSL port from 8443 to 443 on our server (as well
as
> >the
> > > redirect port), and all of a sudden I can connect using SSL. I don't
> > > understand why 8443 didn't work. Any ideas??
> > >
> >
> >There is a well-know bug in MSIE related to security-constraints, but
that
> >doesn't seem to apply here.
>
> Hmm, what's that bug? I'd like to know because I next plan to implement
> some <security-constraint>s to prevent insecure access to certain pages
and
> sets of pages.
>

If you are running SSL on a non-standard port (e.g. 8443), and the user
attempts to access a page (via http) which is protected with both an
auth-constraint and a transport-guarantee, MSIE will fumble around and end
up issuing a request for 'http://host:8443/myapp/login.jsp' (which of course
will fail). It doesn't happen if you are using the standard SSL port (i.e.
443), or with Tomcat 5.

> _________________________________________________________________
> Frustrated with dial-up? Get high-speed for as low as $29.95/month
> (depending on the local service providers in your area).
> https://broadband.msn.com




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)