SEC-1638: Added paragraph to docs explaining that for complete security, an app should not switch out of HTTPS at all.

This commit is contained in:
Luke Taylor 2010-12-17 17:34:08 +00:00
parent 7cf9740fd4
commit 48ea0a6249
1 changed files with 5 additions and 2 deletions

@ -468,8 +468,11 @@
<port-mapping http="9080" https="9443"/>
</port-mappings>
</http>]]>
</programlisting><!--You can find a more in-depth discussion of channel security
in <xref xlink:href="#channel-security"/--></para>
</programlisting>
Note that in order to be truly secure, an application should not use HTTP at all or switch
between HTTP and HTTPS. It should start in HTTPS (with the user entering an HTTPS URL) and
use a secure connection throughout to avoid any possibility of man-in-the-middle attacks.
</para>
</section>
<section xml:id="ns-session-mgmt">
<title>Session Management</title>
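
Review bot: The added sentence "should not use HTTP at all or switch between HTTP and HTTPS" is ambiguous, because the negation can be read as covering only the first clause; "should not use HTTP at all, nor switch between HTTP and HTTPS" removes the doubt. The paragraph sits directly under a listing that maps `http="9080"` to `https="9443"`, so it would help to state that a request arriving on the HTTP port is sent in clear text before any switch to HTTPS happens, which is the reason for asking the user to enter an HTTPS URL. The hunk also drops the commented-out xref to #channel-security; if a longer channel-security discussion is still planned, consider keeping that pointer so the new note has somewhere to send readers.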