On 25 November 2013 23:27, Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> wrote:
> What most users do is to copy the XML example, and paste it into > tomcat-users.xml. > > I propose that 401 page for Manager be dynamically generated, so that > instead of occurrences of example password "s3cret", it generates random > password, different for every request which results in 401 error page. In > that way, every security-unaware user will have unique password, and not > "s3cret". I second this proposal. It's much less of a burden on a user to write down a long random password (cut/paste) than to dig out an appropriate tool and generate one. cheers, David. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
