Form-authentication is a good way to go.  Make sure
that the form is submitted over an SSL link.  If not,
you will be submitting the passwords over a clear
channel.

There are more scalable places to store the user
credentials than in the "tomcat-users.xml" file.  This
file is mainly intended for demonstration purposes.  A
better solution would store the users in an LDAP
directory or database.  If the users were stored in a
directory or database, then you would just make the
appropriate database/directory calls to update the
user's password.

How many users will you have?  If you will only ever
have a small number of users, then the flat file may
be suitable. 

Tim


--- [EMAIL PROTECTED] wrote:
> I use the tomcat-users.xml file to store the user
> groups. 
> 
> Is there a more simple but yet secure way to protect
> access to pages other than 
> form authentication, wherein I don't have to write
> the code for security.
> 
> - Sujay
> 
> Quoting Timothy Fisher <[EMAIL PROTECTED]>:
> 
> > The answer will depend on where you are storing your
> > user credentials (names, and passwords).
> > Are you using a flat file, LDAP directory, database???
> > 
> > Tim
> > 
> > --- [EMAIL PROTECTED] wrote:
> > > I'm not sure if this is the right mailing list to
> > > post to...
> > > 
> > > I use form authentication to authenticate certain
> > > users to restricted pages.
> > > I also want to let them change their passwords from
> > > time to time.
> > > How do I do this? I use a combination of
> > > JSP/JavaBean/Servlet technology.
> > > 
> > > Any help in this matter would be greatly appreciated.
> > > 
> > > - Sujay Daniel
> > > 
> > > 
> > > --
> > > To unsubscribe: <mailto:[EMAIL PROTECTED]>
> > > For additional commands: <mailto:[EMAIL PROTECTED]>
> > > Troubles with the list: <mailto:[EMAIL PROTECTED]>