tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18004] - JDBCRealm.authenticate() eats SQLExceptions and should not
Date Fri, 08 Aug 2003 17:19:39 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004

JDBCRealm.authenticate() eats SQLExceptions and should not

funkman@joedog.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From funkman@joedog.org  2003-08-08 17:19 -------
As already stated, the realm does log the exception so any error which is
occurring may be discovered by the server administrator.

For security purposes, the user should be denied access with the default webapp
or container error message. Anything less is a security violation. 

This will NOT be fixed in tomcat.  

If this is still an issue, I recommend extending JDBCRealm (which is a non-final
class) with your proposed fix and deploy it to $CATALINA_HOME/server/classes dir
(as well as following all the needed instructions for writing a custom realm)
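
The behaviour described in the comment above (the SQLException is logged for the administrator, and the user gets the same denial as for a failed login), shown as an added stand-alone Java example. It is not Tomcat's JDBCRealm code or the commenter's; `FailClosedAuthDemo`, `CredentialLookup` and the sample users are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example of fail-closed authentication; every name here is hypothetical. */
public class FailClosedAuthDemo {
    private static final Logger LOG = Logger.getLogger("realm");

    /** Stand-in for the realm's database query; it can fail the way a JDBC call does. */
    interface CredentialLookup {
        String storedPassword(String username) throws SQLException;
    }

    /** Returns the user name on success, null on ANY failure (bad login or backend error). */
    static String authenticate(CredentialLookup db, String username, String credentials) {
        try {
            String stored = db.storedPassword(username);
            // Plain comparison keeps the sketch short; a real store holds password hashes.
            if (stored != null && credentials != null && MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8),
                    credentials.getBytes(StandardCharsets.UTF_8))) {
                return username;
            }
            return null;
        } catch (SQLException e) {
            // Full detail (message, stack trace) goes to the server log only.
            LOG.log(Level.SEVERE, "Realm credential lookup failed", e);
            return null; // the caller cannot tell this apart from a wrong password
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: one known user and one failing backend.
        CredentialLookup healthy = user -> "alice".equals(user) ? "s3cret" : null;
        CredentialLookup broken = user -> {
            throw new SQLException("constructed failure: connection refused");
        };
        System.out.println("good login:    " + authenticate(healthy, "alice", "s3cret"));
        System.out.println("bad password:  " + authenticate(healthy, "alice", "wrong"));
        System.out.println("backend error: " + authenticate(broken, "alice", "s3cret"));
    }
}
```

The backend failure and the wrong password both return `null` to the caller, while only the server log records the database error.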
