tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Gregg" <john.gr...@techarch.com>
Subject RE: [PATCH] change JDBCRealm to add flexibility in table layout
Date Thu, 07 Mar 2002 17:10:52 GMT
Jim,

I've been thinking about the custom class for authentication.  Basically,
that's what JAAS does, so when the JAASRealm is ready from primetime, you'll
get your wish.  However, I think it's great that Tomcat provides
out-of-the-box authentication, even if it's not all things to everyone and I
hope there will always be that option.

As far as hashed or encrypted passwords goes, I've been thinking about that
and think for now a filter would be the way to go, but I'm not sure what the
filter would be on!  Until my current project, I, too, have always done
authentication and authorization "by hand" but I thought I'd see if I could
make my life easier by using the capabilities built-in.

Also, we're in agreement over the use of synthetic keys I think.  Maybe it
wasn't clear from my earlier posts, but I use "meaningless" ids.  Even if my
users assure me that such-and-such an attribute is unique and immutable, I'm
still inclined to create my own int or long id.  I like to create a key
generator that relies on the db's sequence facility.  I just have one
sequence db-wide.  I retrieve a batch of keys at once, like 500, and hand
them out as requested until they're gone.  Then I get another batch.  I
think I read this in a Scott Ambler paper.  This also allows all objects in
my application to have an application-wide unique id, which can be useful.
Incidentally, different dbs handle sequences differently, which is another
reason it's handy to have a key generator interface with multiple
implementations that can be plugged-in as needed.


Ignacio,

You're right, I'm not a views expert.  I'm a software developer, not a dba.
(-:  I try not to rely too much on what the db can do for me in order to
maintain a little portability.  I've worked on enough projects where we just
didn't know what we could afford or where we would deploy.  Some of those
projects used MySQL, which as you know is somewhat limited feature-wise
(ACID transactions, views, etc.)


thanks all,

john


-----Original Message-----
From: tomcat-dev-return-6767-john.gregg=techarch.com@jakarta.apache.org
[mailto:tomcat-dev-return-6767-john.gregg=techarch.com@jakarta.apache.or
g]On Behalf Of Jim Seach
Sent: Thursday, March 07, 2002 9:38 AM
To: Tomcat Developers List
Subject: RE: [PATCH] change JDBCRealm to add flexibility in table layout


Ignacio,

I apologize for not reading more closely.  You didn't -1 it, just
expressed your opinion.  I agree your proposed changes would be much
more flexible.  Another option that might be nice would be the ability
to specify a user supplied class to compute a password hash so only the
hash needs to be stored in the database rather than the actual
password.

I usually use custom authentication rather than using the container
provided capabilities, but there may be times when this might be
useful, so having well thought out and flexible components is always
important!

Thanks,

Jim Seach



--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message