> From: Kurt Heberlein [mailto:ku...@3pardata.com] > Subject: Digested passwords stored in tomcat-users.xml by admin > application? > > is there a way to make the admin application
If you're referring to the admin application that comes with older versions of Tomcat, that's a dead end. (Note that you didn't bother to tell us what version of Tomcat you're using.) > Each new user created gets put in the file with a > cleartext password. What file? If you're referring to conf/tomcat-users.xml, you should not be using that in production. Better to configure a proper <Realm> with some sort of database or LDAP server behind it: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
