File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Security question with Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Security question with Tomcat" Watch "Security question with Tomcat" New topic
Author

Security question with Tomcat

Lu Battist
Ranch Hand

Joined: Feb 17, 2003
Posts: 104
I want to have a secure web site that allows users to self/register. My question is that if I secure the site using user names in the tomcat-users.xml file and specify what pages need securing in the web.xml, then
1) How can I dynamically add users to the users.xml file?
2) Is that secure, could someone hack in and get the whole list of user ids and passowrds?
What other alternatives are there?
I'm leaning towards forgetting about the web.xml and users.xml altogether and having one main login servlet validate a user out of a database and start a session. Then have each subsequent servlet get the session and if not its present redirect the user to the login servlet.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security question with Tomcat
 
Similar Threads
action="j_security_check"
Web App Security
security constraints - login doesnt work
Problem with security
Unable to login to manager GUI