Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security question with Tomcat

 
Lu Battist
Ranch Hand
Posts: 104
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to have a secure web site that allows users to self/register. My question is that if I secure the site using user names in the tomcat-users.xml file and specify what pages need securing in the web.xml, then
1) How can I dynamically add users to the users.xml file?
2) Is that secure, could someone hack in and get the whole list of user ids and passowrds?
What other alternatives are there?
I'm leaning towards forgetting about the web.xml and users.xml altogether and having one main login servlet validate a user out of a database and start a session. Then have each subsequent servlet get the session and if not its present redirect the user to the login servlet.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic