|
|
@@ -468,8 +468,11 @@
|
|
|
<port-mapping http="9080" https="9443"/>
|
|
|
</port-mappings>
|
|
|
</http>]]>
|
|
|
- </programlisting><!--You can find a more in-depth discussion of channel security
|
|
|
- in <xref xlink:href="#channel-security"/--></para>
|
|
|
+ </programlisting>
|
|
|
+ Note that in order to be truly secure, an application should not use HTTP at all or switch
|
|
|
+ between HTTP and HTTPS. It should start in HTTPS (with the user entering an HTTPS URL) and
|
|
|
+ use a secure connection throughout to avoid any possibility of man-in-the-middle attacks.
|
|
|
+ </para>
|
|
|
</section>
|
|
|
<section xml:id="ns-session-mgmt">
|
|
|
<title>Session Management</title>
|
Luke Taylor