> As far as I am aware you cannot resolve this problem except by switching
> to LDAP for your authentication. (Although I would be happy to be
> corrected!)

In this case, which user would be authenticated in LDAP? If the user connecting to LDAP is 'tomcat', the issue remains, no?

> Which gets me thinking, what is to stop anyone writing an application
> that simply deletes the tomcat installation?

Exactly, a simple Runtime.exec could do a lot of damage for all webapps and tomcat install...

> Jerome Benezech wrote:
> > Hi,
> > I have a question regarding Tomcat server UserDatabase on Linux.
> > When choosing a MemoryUserDatabase, tomcat users and passwords are
> > declared in a tomcat-users.xml file. The tomcat user running the
> > server must have read permission on this file.
> > At the same time, all webapps running in tomcat are running under
> > the same Linux user ('tomcat'). So any webapp can access this file
> > and display its content.
> >
> > My app is hosted on a shared Linux server. With the present
> > configuration, I can retrieve this file and display every user
> > login/password, then if I wanted to, I could go into somebody
> > else's webapp manager and undeploy it.
> > I am a bit worried that somebody would do that to me...
> >
> > Is there a way to ensure that only the root user can read this file?
> >
> > Thanks
> > Jerome
> >
> > Jerome Benezech
> > [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> _______________________________
> Jacob Rhoden - http://uptecs.com/

Jerome Benezech
[EMAIL PROTECTED]