tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Tomcat HeapMemoryUsage MBean question
Date Fri, 07 Sep 2012 20:29:08 GMT
2012/9/7 Shanti Suresh <>:
> Hi Christopher, Hi Konstantin,
> On Fri, Sep 7, 2012 at 1:54 PM, Christopher Schultz <
>> wrote:
>> I personally think that's a bad idea: just set some simple username
>> and password and have your client use it: any decent command-line HTTP
>> client should support HTTP BASIC authentication.
> Sure.  I can do that.  It just leaves the set operations vulnerable too
> though.  I can use digested passwords too, but still my scripts will need
> to be hard-coded with the password.
>> That's good.
>> Sure :-)  Thanks.
>> Log it as an enhancement request in Bugzilla. I proposed this kind of
>> thing a few months ago though I can't seem to find the thread at the
>> moment. It was mildly rejected due to lack of interest, but but it
>> seems we have a real use-case where a user wants this capability.
> Oh, most certainly, there is a definite use-case for this feature.  And
> others will use it heavily once you have the capability.  It just doesn't
> seem like a good plan to have the get and set secured the same way.

With "get" you can view someone's password.
With "set" you can change it, or change assigned roles.

(with certain Realm implementations).

There is not much difference.  I think allowing generic "get" or
generic "set" is a bad idea.

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message