The security system is currently tied to Tomcats security... This will be deprecated (removed) in the next release because Harbor will now have its own security system. There are several reasons for this.... + The system currently maps URI's to Class protection... On small systems this is OK but on large systems with hundreds of classes its proving to be too much work. The new scheme is much much easier. + Remove the dependency on Tomcat.. This old security system is the only thing that really ties Harbor to Tomcat... once its gone, Harbor will port to any servlet container very easily. + Just not good enough.. Things like setting up secure comms is a mission with TC.... the new system reduces all that to one line of code, and is independent of TC Passwords in TC are stored in the open.... this will now be random IV digests making it very secure. The conceptual model that Verisign works on is not good enough for what we have in mind... on the new system, you can become a Verisign... will be explained in the release. ==================== If you building an app right now, omit security considerations for now... the new system will let you do it 10 minutes what would take a very long time the old TC way. ==================== Enjoy the Rugby... go Bokke! --------------------------------------------------------------------------- HARBOR: http://coolharbor.100free.com/index.htm Now Tomcat is also a cool application server ---------------------------------------------------------------------------