tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25055] - getRemoteUser() returns null - bypass of apache authentication
Date Mon, 08 Dec 2003 08:28:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055

getRemoteUser() returns null - bypass of apache authentication





------- Additional Comments From stefos@msc.gr  2003-12-08 08:28 -------
Ben, I did this already. 
The issue is that that using a .htaccess file does not protect tomcat served
requests (*.jsp). It bypasses apache and does not ask for a login/password.

I see this in apache 2.047 + tomcat 4.1.29 (both windows and linux) whereas
apache 1.3.29 +  tomcat 4.1.24 worked fine
I do not know if this a tomcat or an apache issue. I'm going to write an email
to tomcat-user to see if anyone else experiences this problem.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message