-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn,
Glenn McCall wrote: > I have a problem where the digest element is seemingly being ignored > when I move my web app from development to production. The > application uses form based security and works just fine in > development. That's very strange. Are you using the same JVM in both environments? Are you sure that your context.xml is the same for both environments (or, at least, they are similar enough that the digest isn't being broken by a different context.xml). (FWIW, I recommend a different context.xml file for each environment; you can set things like the number of connections to maintain in the pool, etc. For us, dev /always/ contains exactly one connection - to detect resource leaks - and production always has many configured). > So how do I know it is being ignored as opposed to simply not > working? I tried pasting a SHA digested password into the password > field and succesfully logged in. Then I tried changing the content of > my valid_users table so that the password was simply set to "pass" > then entered "pass" as my password - lo and behold, succesful login. That's very strange... I would have expected Tomcat to bomb if it couldn't digest the password, rather than simply ignore the hashing altogether. Check to see if you have a conf/[hostname]/yourappname.xml file that might be overriding the one in your WAR file or webapp directory. > I plan to update the prodn server to 5.5.17 to see if this will solve > the problem. Unfortunately, I can not do this for a few days as the > system is being used for some demo's. I would recommend going all the way up to 5.5.23 or 5.5.25 (ready "soon") if you can do it. Lots of stuff has been fixed between then and now. I realize it's a big jump which requires testing. Good luck, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG0vjK9CaO5/Lv0PARAuVgAJ9lDcJisytDbJOiHZnFXygsv7T2KgCfS+vw MlwzBuuyxFGZ5f4nhCsGe24= =iJl6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
