tomcat-users mailing list archives

From Robert Hall <rfh...@uclink.berkeley.edu>
Subject Re: application security gone mad
Date Fri, 14 Nov 2003 21:05:14 GMT
Gary,

A pooled Data Access Layer (i.e. EJBs) is pretty standard,
but I'd prefer a uid & p/w that was not unique to an app.  For
example, using Kerberos to authenticate, LDAP for coarse-
grained authorization, and a DB for finer-grained authorizations.
But wait, that would mean they'd have to use JAAS!

Regards,
Robert

Gary Hardy wrote:

>Robert,
>
>You hit it on the head...
>And, prevail? not a chance, they're a client... I'm the consultant.
>And, JAAS? Please. We can't even agree about CMS.
>
>The posting was 1) a rant. 2) fishing for a little parting wisdom (not mine)
>to leave with them to "think about".
>
>CMS is fine just the way it is. And, a pooled DAL that uses a single,
>configurable uid & p/w per application seems pretty "standard" I'd say.
>
>gary...
>
>  
>
>>From: Robert Hall <rfhall@uclink.berkeley.edu>
>>Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>>Date: Fri, 14 Nov 2003 10:17:04 -0800
>>To: Tomcat Users List <tomcat-user@jakarta.apache.org>
>>Subject: Re: application security gone mad
>>
>>Gary,
>>
>>WOW, how could one possibly justify/rationalize the complicated approach
>>you described in your original post?  The "architecture" as described makes
>>no real use of CMS.  Sounds like a combination of "not invented here" and
>>"I don't understand it so I'm not gonna use it".
>>
>>You're on the right track, hope you prevail.
>>
>>Is JAAS being used?
>>
>>Robert
