tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Update the tomcat-users.xml file to reflect the new roles?
Date Fri, 05 Nov 2010 17:29:25 GMT
On 05/11/2010 11:27, Brooke Hedrick wrote:
> Hey,
> 
> Would it make sense to update the conf/tomcat-users.xml file to account for
> the new roles?

Providing a tomcat-users.xml file that includes a default user with a
known password that has access to an administrative interface would be
very, very bad from a security point of view.

The current 7.0.x and 6.0.x files have all the necessary information in
comments within the file.

Mark

> 
> Here's my patch:
> 
> 34a35,42
>>   <role rolename="manager-gui"/>
>>   <role rolename="manager-script"/>
>>   <role rolename="manager-jmx"/>
>>   <role rolename="manager-status"/>
>>   <user username="manager" password="s3cret"
> roles="manager-gui,manager-script,manager-jmx,manager-status"/>
>>   <role rolename="admin-gui"/>
>>   <role rolename="admin-script"/>
>>   <user username="admin" password="s3cret"
> roles="admin-gui,admin-script"/>
> 
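Review bot: the two <user> elements in this hunk are added as active entries with the literal password s3cret, and between them they hold every manager-* and admin-* role, so any installation that keeps the shipped file has administrative accounts whose credentials are published in the distribution. Keep these role and user lines inside an XML comment as documentation only, so that an administrator has to uncomment them and choose a password before any account exists. If sample accounts are documented at all, one account per role would also be preferable to a single "manager" user carrying manager-gui, manager-script, manager-jmx and manager-status together.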




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
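
A check in the spirit of the reply above, as an added example that is not part of the original message or of Tomcat itself: it parses a tomcat-users.xml and reports active (uncommented) users that hold one of the manager-*/admin-* roles with a guessable password. The function name, the password list and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Role names taken from the patch quoted in the message above.
PRIVILEGED_ROLES = {
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}
# Constructed list of guessable values; "s3cret" is the one used in the patch.
KNOWN_PASSWORDS = {"s3cret", "tomcat", "admin", "manager", "password", "changeit", ""}


def _local(tag):
    """Drop an XML namespace prefix ('{uri}user' -> 'user')."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return (username, privileged_roles, reason) for each risky active user."""
    findings = []
    root = ET.fromstring(xml_text)  # the parser discards XML comments
    for elem in root.iter():
        if _local(elem.tag) != "user":
            continue
        name = elem.get("username", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if not privileged:
            continue  # account cannot reach an administrative interface
        password = elem.get("password", "")
        if password.lower() in KNOWN_PASSWORDS:
            findings.append((name, privileged, "well-known password"))
        elif password == name:
            findings.append((name, privileged, "password equals username"))
    return findings


# Constructed sample: one commented-out user, one user as in the patch,
# one with a non-guessable placeholder value, one without privileged roles.
SAMPLE = """<tomcat-users>
  <!-- <user username="tomcat" password="tomcat" roles="manager-gui"/> -->
  <role rolename="manager-gui"/>
  <user username="manager" password="s3cret" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xq7-constructed-long-value" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, roles, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {reason}; roles={','.join(roles)}")
```

Entries left inside XML comments are not reported, because the parser drops comments before the tree is walked.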

