Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Tomcat Users »

DataSource Realm

Pfingstl Gernot

2004-01-18


If I want to use a DataSourceRealm (tomcat 4.1) like
<Realm className="org.apache.catalina.realm.DataSourceRealm"
dataSourceName="java:/comp/env/jdbc/authority" ... />
I had to configure a JNDI named JDBC DataSource "java:/comp/env/jdbc/authority". So all web applications can also use this DataSource and can read the user-table - this is possibly a security hole. Is there a way to prohibit web applications to use this DataSource?

Thanks,
Gernot

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)



©2008 junlu.com - Jax Systems, LLC, U.S.A.