tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: svn commit: r691805 - in /tomcat/trunk: java/org/apache/catalina/realm/ java/org/apache/catalina/startup/ webapps/docs/ webapps/docs/config/
Date Wed, 03 Sep 2008 22:25:06 GMT wrote:
> Author: markt
> Date: Wed Sep  3 15:18:39 2008
> New Revision: 691805
> URL:
> Log:
> Add a new combined Realm that can be used to try authenticating against multiple realms.

Note that whilst users have been asking for this for a while, I wrote this
as the basis for a LockOut Realm (to follow) that will lock out users after
 a set number of failed logins (with lots of configuration options). This
is in response to the incidents back in July/August where it appeared
attackers were using brute force attacks to gain access to Tomcat webapps,
mainly the admin and manager app. Granted these apps shouldn't be public
facing but adding LockOut functionality to the Realms is a good idea from a
security point of view.

The LockOut Realm will follow when I finish writing it ;)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message