Sorry for the sent mail double time thing :] i'll check the Jespa suggestion. thanks :] keep the ideas coming, guys. every little thing could help
Thanks Hila 2011/2/23 André Warnier <a...@ice-sa.com> > הילה wrote: > >> I've posted my problem in the sourceforge forums, but no comments have >> received so far. :( >> >> If you have any suggestions to replace this, another way to authenticate >> the >> tomcat to the DB with user and password that do not appear in clear text, >> I'll be glad to hear about it. >> >> Have a look at Jespa (http://www.ioplex.com) > > In the basic configuration, it works a bit differently : it authenticates > (with Windows Domain) the user who is *using* the Tomcat application, not > the Tomcat process itself. > (*) > > However, it comes with an API which can probably be used to do what you > want. > Send an email to supp...@ioplex.com explaining what you want to achieve, > and I am sure that they will tell you if Jespa can be used for that. > > > > (*) Note the difference : currently, you are authenticating to the DB with > the single "Tomcat user". So all the users of your application really > access the database under this one "group-id". Anyone who can connect to > Tomcat, can get data out of the database, under this one user-id. That may > or may not be secure, depending on how the users authenticate to the Tomcat > application. > > In the Jespa kind of setup, a java servlet filter picks up the Windows > Domain user-id of the user accessing the Tomcat application. > This same user-id can then be picked up inside the application via > getRemoteUser() (or something sismilar), and used to connect to the > database. > Then you really filter accesses to the database by individual user-id. > > One or the other setup may be what you really need, but that you have to > decide yourself. > > > P.S. > There is no need to send me a copy of each message that you send to the > list. > I receive all messages to the list anyway (as do the other subscribers), so > when you copy me, I get the same message twice. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
