How do I do login & transactions in https?
Hey security experts,
I haven't configured SSL in a spring application and was wondering how I would secure particular url
I am using tomcat 7, Spring (framework & security) 3.1.0.RELEASE, Spring Web flow 2.3.0.RELEASE
I read the following (Section 2.3)
Now I have several questions
1. How do I secure login to use https and return to http? (Please note I am using @Secured so login interception throughout the app must do this)
2. Similarly how do I secure a web flow to use https?
3. Is it really a bad idea to just use SSL for login & some flows? I am not building a banking application. Most commercial websites I see are not using SSL all the time.
4. Do I really need to disable Session Fixation as metioned in the webpage above? Sounds like a bad idea.