tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Timothy Fisher <trfishe...@yahoo.com>
Subject Re: Form authentication/ password changing
Date Thu, 01 Nov 2001 20:08:18 GMT
There is a sample tomcat-users.xml included with
tomcat 4.0 in the conf directory.  Just follow this
format.  Yes, the file must be in this format, unless
you write your own connector.

The server containing the tomcat-users file definitely
must be protected.  Yes, this is less secure than
storing the users/passwords in a directory/database.

Tim

--- sd7@njit.edu wrote:
> Thanks for all the help.
> 
> I just have abt 39 users and I cant figure out how
> to instruct the server to 
> use the flat file that has the user/password
> combinations. Should the flat file 
> be necessarily a .xml file ? Isnt saving the
> password in ascii form less secure 
> (?)
> 
> Thanks again.
> 
> Sujay
> 
> Quoting Timothy Fisher <trfishermi@yahoo.com>:
> 
> > Form-authentication is a good way to go.  Make
> sure
> > that the form is submitted over an SSL link.  If
> not,
> > you will be submitting the passwords over a clear
> > channel.
> > 
> > There are more scalable places of storing the user
> > credentials than in the "tomcat-users.xml" file. 
> This
> > file is mainly intended for demonstration
> purposes.  A
> > better solution would store the users in an LDAP
> > directory or database.  If the users were stored
> in a
> > directory or database, than you would just make
> the
> > appropriate database/directory calls to update the
> > users password.
> > 
> > How many users will you have?  If you will only
> ever
> > have a small number of users, then the flat file
> may
> > be suitable. 
> > 
> > Tim
> > 
> > 
> > --- sd7@njit.edu wrote:
> > > I use the tomcat-users.xml file to store the
> user
> > > groups. 
> > > 
> > > Is there a more simple but yet secure way to
> protect
> > > access to pages other than 
> > > form authentication, wherein I dont have to
> write
> > > the code for security.
> > > 
> > > - Sujay
> > > 
> > > Quoting Timothy Fisher <trfishermi@yahoo.com>:
> > > 
> > > > The answer will depend on where you are
> storing
> > > your
> > > > user credentials (names, and passwords).
> > > > Are you using a flat file, LDAP directory,
> > > database???
> > > > 
> > > > Tim
> > > > 
> > > > --- sd7@njit.edu wrote:
> > > > > I'm not sure if this is the right mailing
> list
> > > to
> > > > > post to...
> > > > > 
> > > > > I use form authentication to authenticate
> > > certain
> > > > > users to restricted pages.
> > > > > I also want to let them change their
> passwords
> > > from
> > > > > time to time.
> > > > > How do I do this ? I'm use a combination of
> > > > > JSP/JavaBean/Servlet technology.
> > > > > 
> > > > > Any help in this matter wud be greatly
> > > appreciated.
> > > > > 
> > > > > - Sujay Daniel
> > > > > 
> > > > > 
> > > > > --
> > > > > To unsubscribe:  
> > > > >
> > >
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > > > For additional commands:
> > > > > <mailto:tomcat-user-help@jakarta.apache.org>
> > > > > Troubles with the list:
> > > > >
> <mailto:tomcat-user-owner@jakarta.apache.org>
> > > > > 
> > > > 
> > > > 
> > > >
> __________________________________________________
> > > > Do You Yahoo!?
> > > > Make a great connection at Yahoo! Personals.
> > > > http://personals.yahoo.com
> > > > 
> > > > --
> > > > To unsubscribe:  
> > >
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > > For additional commands:
> > > <mailto:tomcat-user-help@jakarta.apache.org>
> > > > Troubles with the list:
> > > <mailto:tomcat-user-owner@jakarta.apache.org>
> > > > 
> > > > 
> > > 
> > > 
> > > --
> > > To unsubscribe:  
> > >
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > For additional commands:
> > > <mailto:tomcat-user-help@jakarta.apache.org>
> > > Troubles with the list:
> > > <mailto:tomcat-user-owner@jakarta.apache.org>
> > > 
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Make a great connection at Yahoo! Personals.
> > http://personals.yahoo.com
> > 
> > --
> > To unsubscribe:  
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands:
> <mailto:tomcat-user-help@jakarta.apache.org>
> > Troubles with the list:
> <mailto:tomcat-user-owner@jakarta.apache.org>
> > 
> > 
> 
> 
> --
> To unsubscribe:  
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands:
> <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list:
> <mailto:tomcat-user-owner@jakarta.apache.org>
> 


__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message