I've actually got my realms defined per host. That's not the problem. The
problem is that the datasources for the various realms must be declared
globally (apparently).  Until yesterday, I was running JDBCRealms where I
could define a different database for each realm inside the host.  But I had
to move off of JDBCRealms due to a catastrophic bug discussed in an earlier
thread.

I'm assuming that any datasource that is defined globally is accessible to
any Tomcat app that knows the datasource name, right?  This means that the
realm authentication db for one host is accessible to any other host that
might be able to determine the datasource name.  Many of my hosts are from
different businesses that must ensure integrity of their security
environment.  With a global datasource defined for their realm authority db,
I can't guarantee that another malicious host cannot access and possibly
corrupt the db.

It doesn't seem right that there would be this sort of hole in
DataSourceRealms.  But right now, the only way I can find to define a
datasource for any realm, even those defined inside a host, is to use global
datasource definitions.  Is this really the only way?

Thanks.

Jerry

-----Original Message-----
From: Hassan Schroeder [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 13, 2005 7:08 PM
To: Tomcat Users List
Subject: Re: Scoping of JNDI Resources?

J Malcolm wrote:

> But it does not appear that the Default-Context applies to
> DataSourceRealms for a host.  Is there a way to define a datasource
> for use by a realm in a particular host (without making the datasource
> available to other hosts?)

Ah, Realms, well then:

  <http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html>

:: says:

   You may nest a Realm inside any Catalina container (Engine, Host,
   or Context).

Not tested -- I'm also running 5.5.7, but my DataSourceRealm is
applied globally -- but that sounds like it fits the bill...

-- 
Hassan Schroeder ----------------------------- [EMAIL PROTECTED]
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                           dream.  code.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
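
An added example, not part of the original messages and not Tomcat code: a check for the exposure discussed in this thread. It scans a server.xml for DataSourceRealm datasources declared under GlobalNamingResources and reports any that back realms in more than one Host or that a ResourceLink exposes inside a different Host. The XML and every host and resource name in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment; host and resource names are hypothetical.
SERVER_XML = """
<Server>
  <GlobalNamingResources>
    <Resource name="jdbc/authA" type="javax.sql.DataSource"/>
    <Resource name="jdbc/authB" type="javax.sql.DataSource"/>
  </GlobalNamingResources>
  <Service name="Catalina"><Engine name="Catalina" defaultHost="a.example">
    <Host name="a.example">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/authA"/>
    </Host>
    <Host name="b.example">
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
             dataSourceName="jdbc/authB"/>
      <Context path="/shop">
        <ResourceLink name="jdbc/users" global="jdbc/authA"
                      type="javax.sql.DataSource"/>
      </Context>
    </Host>
  </Engine></Service>
</Server>
"""

REALM = "org.apache.catalina.realm.DataSourceRealm"

def audit(xml_text):
    """Report global realm datasources that cross a Host boundary."""
    root = ET.fromstring(xml_text)
    global_names = {r.get("name") for r in root.iterfind("GlobalNamingResources/Resource")}
    realm_ds, links = {}, []  # datasource -> realm hosts; (host, linked global name)
    for host in root.iter("Host"):
        for realm in host.iter("Realm"):
            ds = realm.get("dataSourceName")
            if realm.get("className") == REALM and ds in global_names:
                realm_ds.setdefault(ds, set()).add(host.get("name"))
        for link in host.iter("ResourceLink"):
            links.append((host.get("name"), link.get("global")))
    findings = []
    for ds, hosts in sorted(realm_ds.items()):
        if len(hosts) > 1:
            findings.append(f"{ds}: realm datasource shared by hosts {sorted(hosts)}")
        for host, target in links:
            if target == ds and host not in hosts:
                findings.append(f"{ds}: linked into host {host}, outside realm hosts {sorted(hosts)}")
    return findings
```

This only inspects the server.xml text it is given; ResourceLink elements can also live in per-application context files, which would need the same check.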
