tomcat-users mailing list archives

From "Pfingstl Gernot" <gernot.pfing...@stmk.gv.at>
Subject AW: DataSource Realm
Date Mon, 19 Jan 2004 20:56:30 GMT
This isn't what I want to do. In the way you described, the web application can also obtain
a DataSource and so a connection to the user database.

We have a Tomcat admin who sets up the user database, and a lot of people who write
web applications. The Tomcat admin wants to protect the user database in such a way that no application
has access to it.

Gernot

-----Original Message-----
From: Bruno.Melloni@nokia.com [mailto:Bruno.Melloni@nokia.com]
Sent: Monday, January 19, 2004 15:00
To: tomcat-user@jakarta.apache.org
Subject: RE: DataSource Realm


This is probably not the only way to accomplish what you want, but a simple one to code for.

1) Define your DataSource resource in <GlobalNamingResources> of conf/server.xml.
2) Add a <ResourceLink> to the DataSource in the application context file in conf/Catalina/<yourserver>/<yourapp>.xml

This way the only applications that are able to access the datasource are the ones with a
<ResourceLink> entry.

-----Original Message-----
From: ext Pfingstl Gernot [mailto:gernot.pfingstl@stmk.gv.at]
Sent: Sunday, January 18, 2004 3:32 PM
To: tomcat-user@jakarta.apache.org
Subject: DataSource Realm


If I want to use a DataSourceRealm (tomcat 4.1) like 
<Realm className="org.apache.catalina.realm.DataSourceRealm"
dataSourceName="java:/comp/env/jdbc/authority" ... />
I have to configure a JNDI-named JDBC DataSource "java:/comp/env/jdbc/authority". So all web
applications can also use this DataSource and can read the user table - this is possibly a
security hole. Is there a way to prohibit web applications from using this DataSource?

Thanks, 
Gernot

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
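
An added example, not part of the original thread: a small audit an admin could run to list which per-application context files carry a <ResourceLink> to the DataSource used by the DataSourceRealm. The sample XML is constructed, and matching the realm's dataSourceName to the global resource name by stripping the java:/comp/env/ prefix is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the original thread).
SERVER_XML = """
<Server>
  <GlobalNamingResources>
    <Resource name="jdbc/authority" type="javax.sql.DataSource"/>
    <Resource name="jdbc/orders" type="javax.sql.DataSource"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="java:/comp/env/jdbc/authority"/>
    </Engine>
  </Service>
</Server>
"""
CONTEXTS = {  # constructed per-application context files
    "shop.xml": '<Context><ResourceLink name="jdbc/orders" global="jdbc/orders" type="javax.sql.DataSource"/></Context>',
    "reports.xml": '<Context><ResourceLink name="jdbc/users" global="jdbc/authority" type="javax.sql.DataSource"/></Context>',
}

def jndi_short(name):
    """Assumption: strip a java:/comp/env/ (or java:comp/env/) prefix to compare names."""
    for prefix in ("java:/comp/env/", "java:comp/env/"):
        if name.startswith(prefix):
            return name[len(prefix):]
    return name

def realm_datasources(server_xml):
    """Names of the DataSources referenced by any DataSourceRealm in server.xml."""
    root = ET.fromstring(server_xml)
    return {jndi_short(r.get("dataSourceName"))
            for r in root.iter("Realm")
            if r.get("className", "").endswith("DataSourceRealm")
            and r.get("dataSourceName")}

def apps_linked_to_realm_db(server_xml, contexts):
    """Map each context file to the realm DataSources it links via <ResourceLink>."""
    protected = realm_datasources(server_xml)
    exposed = {}
    for fname, xml_text in contexts.items():
        links = {jndi_short(link.get("global", ""))
                 for link in ET.fromstring(xml_text).iter("ResourceLink")}
        hits = sorted(links & protected)
        if hits:
            exposed[fname] = hits
    return exposed
```

On the constructed input, only reports.xml is reported, because its link points at the global jdbc/authority resource even though the local name differs.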

