tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s..@njit.edu
Subject Re: Form authentication/ password changing
Date Thu, 01 Nov 2001 19:59:53 GMT
Thanks for all the help.

I just have abt 39 users and I cant figure out how to instruct the server to 
use the flat file that has the user/password combinations. Should the flat file 
be necessarily a .xml file ? Isnt saving the password in ascii form less secure 
(?)

Thanks again.

Sujay

Quoting Timothy Fisher <trfishermi@yahoo.com>:

> Form-authentication is a good way to go.  Make sure
> that the form is submitted over an SSL link.  If not,
> you will be submitting the passwords over a clear
> channel.
> 
> There are more scalable places of storing the user
> credentials than in the "tomcat-users.xml" file.  This
> file is mainly intended for demonstration purposes.  A
> better solution would store the users in an LDAP
> directory or database.  If the users were stored in a
> directory or database, than you would just make the
> appropriate database/directory calls to update the
> users password.
> 
> How many users will you have?  If you will only ever
> have a small number of users, then the flat file may
> be suitable. 
> 
> Tim
> 
> 
> --- sd7@njit.edu wrote:
> > I use the tomcat-users.xml file to store the user
> > groups. 
> > 
> > Is there a more simple but yet secure way to protect
> > access to pages other than 
> > form authentication, wherein I dont have to write
> > the code for security.
> > 
> > - Sujay
> > 
> > Quoting Timothy Fisher <trfishermi@yahoo.com>:
> > 
> > > The answer will depend on where you are storing
> > your
> > > user credentials (names, and passwords).
> > > Are you using a flat file, LDAP directory,
> > database???
> > > 
> > > Tim
> > > 
> > > --- sd7@njit.edu wrote:
> > > > I'm not sure if this is the right mailing list
> > to
> > > > post to...
> > > > 
> > > > I use form authentication to authenticate
> > certain
> > > > users to restricted pages.
> > > > I also want to let them change their passwords
> > from
> > > > time to time.
> > > > How do I do this ? I'm use a combination of
> > > > JSP/JavaBean/Servlet technology.
> > > > 
> > > > Any help in this matter wud be greatly
> > appreciated.
> > > > 
> > > > - Sujay Daniel
> > > > 
> > > > 
> > > > --
> > > > To unsubscribe:  
> > > >
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > > For additional commands:
> > > > <mailto:tomcat-user-help@jakarta.apache.org>
> > > > Troubles with the list:
> > > > <mailto:tomcat-user-owner@jakarta.apache.org>
> > > > 
> > > 
> > > 
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Make a great connection at Yahoo! Personals.
> > > http://personals.yahoo.com
> > > 
> > > --
> > > To unsubscribe:  
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > For additional commands:
> > <mailto:tomcat-user-help@jakarta.apache.org>
> > > Troubles with the list:
> > <mailto:tomcat-user-owner@jakarta.apache.org>
> > > 
> > > 
> > 
> > 
> > --
> > To unsubscribe:  
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands:
> > <mailto:tomcat-user-help@jakarta.apache.org>
> > Troubles with the list:
> > <mailto:tomcat-user-owner@jakarta.apache.org>
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 
> 


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message