mber 01, 2001 12:47 PM
> Subject: Re: Form authentication/ password changing
>
>
> >Craig,
> >
> >I agree with all of your comments. From the tomcat
> >access perspective, your correct, flat file vs. DB
> >storage of users/passwords may be roughly
> equiv
Are you experiencing the same thing?
-Original Message-
From: Timothy Fisher <[EMAIL PROTECTED]>
To: Tomcat Users List <[EMAIL PROTECTED]>
Date: Thursday, November 01, 2001 12:47 PM
Subject: Re: Form authentication/ password changing
>Craig,
>
>I agree with all of
Nov 2001 12:08:18 -0800 (PST)
> > From: Timothy Fisher <[EMAIL PROTECTED]>
> > Reply-To: Tomcat Users List
> <[EMAIL PROTECTED]>
> > To: Tomcat Users List
> <[EMAIL PROTECTED]>
> > Subject: Re: Form authentication/ password
> changing
> >
> &g
On Thu, 1 Nov 2001, Timothy Fisher wrote:
> Date: Thu, 1 Nov 2001 12:08:18 -0800 (PST)
> From: Timothy Fisher <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: Re: Form authentication/
There is a sample tomcat-users.xml included with
tomcat 4.0 in the conf directory. Just follow this
format. Yes, the file must be in this format, unless
you write your own connector.
The server containing the tomcat-users file definitely
must be protected. Yes, this is less secure than
storing
Thanks for all the help.
I just have abt 39 users and I cant figure out how to instruct the server to
use the flat file that has the user/password combinations. Should the flat file
be necessarily a .xml file ? Isnt saving the password in ascii form less secure
(?)
Thanks again.
Sujay
Quoti
Form-authentication is a good way to go. Make sure
that the form is submitted over an SSL link. If not,
you will be submitting the passwords over a clear
channel.
There are more scalable places of storing the user
credentials than in the "tomcat-users.xml" file. This
file is mainly intended fo
I use the tomcat-users.xml file to store the user groups.
Is there a more simple but yet secure way to protect access to pages other than
form authentication, wherein I dont have to write the code for security.
- Sujay
Quoting Timothy Fisher <[EMAIL PROTECTED]>:
> The answer will depend on w
The answer will depend on where you are storing your
user credentials (names, and passwords).
Are you using a flat file, LDAP directory, database???
Tim
--- [EMAIL PROTECTED] wrote:
> I'm not sure if this is the right mailing list to
> post to...
>
> I use form authentication to authenticate ce
I'm not sure if this is the right mailing list to post to...
I use form authentication to authenticate certain users to restricted pages.
I also want to let them change their passwords from time to time.
How do I do this ? I'm use a combination of JSP/JavaBean/Servlet technology.
Any help in thi
10 matches
Mail list logo
