tomcat-dev mailing list archives

From Benjamin Cuthbert <ben_cuthb...@yahoo.co.uk>
Subject Security on JDBC Realm new features
Date Mon, 01 May 2006 19:33:58 GMT

I am trying to improve the security for authenticating users on my JDBC realm. What we require is the ability to lock out accounts on the database when a user enters more than 3 incorrect passwords. Now I have made some changes to the JDBCRealm.java and I would like some comments on the features that I have added. Could someone from the Tomcat team have a look at the attached code and configuration file and let me know if this is the correct way to go about doing this.

Changes -

authenticate : Adding in a counter to check how many times a user gets the incorrect password from the database.
LockAccount : new method to handle the update to the database so that accounts can be locked.

Testing -

I have tested this on OSX as that is the system I use, but I am going to do some further testing on Linux as that is what the server application is installed on.

server.xml config would be

       <Realm  className="org.apache.catalina.realm.JDBCRealm"
              driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://localhost/tomcat"
          connectionName="tomcat" connectionPassword="tomcat"
               userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"
           accstatusCol="accountstatus" acclockouttry="3"/>
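
The lockout flow described in this message, as an added example that is not part of the original post or of Tomcat's code: a Python sketch over SQLite (in place of MySQL/JDBC) that reuses the post's users, user_name, user_pass and accountstatus names. The failed_tries column, the 'active'/'locked' status values, the SHA-256 digest and locking on the third consecutive failure are assumptions.

```python
import hashlib
import hmac
import sqlite3

MAX_TRIES = 3  # mirrors acclockouttry="3" in the Realm config above

def digest(password):
    # Assumed stand-in digest; a production store should use a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Constructed sample table; failed_tries is an assumed extra column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT PRIMARY KEY,"
               " user_pass TEXT NOT NULL,"
               " accountstatus TEXT NOT NULL DEFAULT 'active',"
               " failed_tries INTEGER NOT NULL DEFAULT 0)")
    db.execute("INSERT INTO users (user_name, user_pass) VALUES (?, ?)",
               ("alice", digest("correct horse")))
    db.commit()
    return db

def authenticate(db, user, password):
    """Return True only for an unlocked account given the right password."""
    row = db.execute("SELECT user_pass, accountstatus FROM users"
                     " WHERE user_name = ?", (user,)).fetchone()
    if row is None:
        return False
    stored, status = row
    ok = hmac.compare_digest(stored, digest(password))  # constant-time compare
    if status == "locked":
        return False  # a locked account fails even with the right password
    if ok:
        db.execute("UPDATE users SET failed_tries = 0 WHERE user_name = ?",
                   (user,))
    else:
        # One atomic UPDATE, so concurrent failures cannot lose a count.
        # accountstatus is assigned first: MySQL evaluates assignments left
        # to right, so the CASE still sees the old failed_tries value there.
        db.execute("UPDATE users SET accountstatus = CASE"
                   " WHEN failed_tries + 1 >= ? THEN 'locked'"
                   " ELSE accountstatus END,"
                   " failed_tries = failed_tries + 1"
                   " WHERE user_name = ?", (MAX_TRIES, user))
    db.commit()
    return ok
```

A hard lockout also lets anyone who knows a user name lock that account by submitting bad passwords, so deployments usually pair it with an unlock path or a timed expiry.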


