tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marsh David W Maj AFIT/ENG" <David.Ma...@afit.edu>
Subject Information re: authenticate() Limits
Date Thu, 09 Mar 2006 21:13:08 GMT

I'm looking at the authenticate methods (package
org.apache.catalina.realm.JDBCRealm and JAASRealm, for example) and
wonder what sort of limitations are intended for this code.  Are there
restrictions regarding which packages can have instances of these
classes and/or call "special" methods that handle (for example)
passwords?  Is there data that "should" not be passed around beyond
certain boundaries?

My questions are about design intent.  Obviously there are restrictions
based on package, "private" designation, etc.  But I'm interested in
further intended limitations.  Could someone theoretically write code
that makes inappropriate use of password access, encryption, or
decryption methods or even of certain fields or objects?

David

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message