[jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - HTTP transport and security
david.lloyd@jboss.com
do-not-reply at jboss.com
Mon Jan 21 10:22:36 EST 2008
For the purposes of securing the Remoting 3 HTTP transport, I intend to rely on HTTPS and standard HTTP authentication mechanisms to provide the authentication and encryption for the transport.
Another possibility would be to use a SASL layer nested inside of the HTTP request body. However, because the user-provided message headers would not be encrypted if this option were followed, I opted against it. In addition, it makes more sense to me to reuse existing mechanisms rather than invent new ones.
Any comments?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121871#4121871
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121871
More information about the jboss-dev-forums
mailing list