All

I am trying to improve the security for authenticating users on my JDBC realm. What we require is the ability to lock out accounts on the database when a user enters more than 3 incorrect passwords. Now I have made some changes to the JDBCRealm.java and I would like some comments on the features that I have added. Could someone from the Tomcat team have a look at the attached code and configuration file and let me know if this is the correct way to go about doing this?

Changes -

authenticate : Adding in a counter to check how many times a user gets the incorrect password from the database.

LockAccount : new method to handle the update to the database so that accounts can be locked.

Testing -

I have tested this on OSX as that is the system I use, but I am going to do some further testing on Linux as that is what the server application is installed on.

server.xml config would be


      <Realm className="org.apache.catalina.realm.JDBCRealm"
             driverName="org.gjt.mm.mysql.Driver"
             connectionURL="jdbc:mysql://localhost/tomcat"
             connectionName="tomcat" connectionPassword="tomcat"
             userTable="users" userNameCol="user_name" userCredCol="user_pass"
             userRoleTable="user_roles" roleNameCol="role_name"
             accstatusCol="accountstatus" acclockouttry="3"/>
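
The lockout behaviour described in the message above, as an added sketch that is not part of the original post and is not the poster's attached code. The class name `LockoutSketch`, the in-memory map standing in for the `users` table, the reading of the threshold as "lock once failures exceed the limit", and the status value bound in `LOCK_SQL` are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class LockoutSketch {
    // A JDBC version of lockAccount() would run a parameterized update like this one.
    // Table and column names come from the posted config; the bound status value is an assumption.
    static final String LOCK_SQL = "UPDATE users SET accountstatus = ? WHERE user_name = ?";

    // Constructed in-memory stand-in for one row of the users table.
    static final class Row {
        final byte[] cred; boolean locked; int failures;
        Row(String cred) { this.cred = cred.getBytes(StandardCharsets.UTF_8); }
    }

    private final Map<String, Row> users = new HashMap<>();
    private final int maxTries; // plays the role of acclockouttry

    LockoutSketch(int maxTries) { this.maxTries = maxTries; }

    void addUser(String name, String cred) { users.put(name, new Row(cred)); }

    // synchronized: concurrent login attempts must not lose counter updates.
    synchronized boolean authenticate(String name, String cred) {
        Row row = users.get(name);
        // A locked account is rejected before the credential is even compared.
        if (row == null || row.locked || cred == null) return false;
        if (MessageDigest.isEqual(row.cred, cred.getBytes(StandardCharsets.UTF_8))) {
            row.failures = 0; // a successful login clears earlier failures
            return true;
        }
        if (++row.failures > maxTries) lockAccount(row); // "more than N" incorrect passwords
        return false;
    }

    private void lockAccount(Row row) { row.locked = true; }

    boolean isLocked(String name) { Row r = users.get(name); return r != null && r.locked; }

    public static void main(String[] args) {
        LockoutSketch realm = new LockoutSketch(3);
        realm.addUser("alice", "s3cret"); // constructed sample user
        for (int i = 1; i <= 4; i++) {
            realm.authenticate("alice", "wrong" + i);
            System.out.println("failure " + i + " locked=" + realm.isLocked("alice"));
        }
        System.out.println("correct password after lock: " + realm.authenticate("alice", "s3cret"));
    }
}
```

The counter here lives in memory only; a realm that must keep its lockout state across restarts or several Tomcat instances would store both the counter and the status in the database.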

