> Tomcat's JDBC Realm won't work with an empty database
> password. I posted
> about this a week ago and asked if it was a bug and noone responded.
>
> If you proved the JDBCRealm a valid username with a blank
> (empty string)
> password, Tomcat will ignore BOTH Username and password.
Guess I must have glazed over your previous post.
I would view this less as a bug and more as a feature. You should
never really allow users to have an empty password. It kind of
defeats the point of having security. If you are trying to have
a demo/anon user then just do similar to how this is handled in
a ftp server... username=anonymous [EMAIL PROTECTED]
JMHO.
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com