Those are very valid questions.
1. Yes, so I guess there could be a default value in the code so that it could always be set to 3 unless set by the admin.
2. I am not sure how to handle this, as if you only had read access to the database then there would be no way to set this up, unless you created some sort of hashmap in the code to store which users were locked and which were not.
3. I was just thinking of using the standard log file output. Did you have something else in mind?
Regards
On 1 May 2006, at 20:44, Filip Hanik - Dev Lists wrote:
Sounds like a useful feature, are you considering:
1. That the feature must be 100% backwards compatible, i.e. work if they don't specify the column or the column doesn't exist
2. That some database admins might only give you a read-only connection, so the column exists but is not writable
3. How to alert a sysadmin if a user has been locked out
Filip
Benjamin Cuthbert wrote:
All,
I am trying to improve the security for authenticating users on my JDBC realm. What we require is the ability to lock out accounts on the database when a user enters more than 3 incorrect passwords. Now I have made some changes to the JDBCRealm.java and I would like some comments on the features that I have added. Could someone from the Tomcat team have a look at the attached code and configuration file and let me know if this is the correct way to go about doing this.
Changes -
authenticate : Adding in a counter to check how many times a user gets the incorrect password from the database.
LockAccount : new method to handle the update to the database so that accounts can be locked.
Testing -
I have tested this on OSX as that is the system I use, but I am going to do some further testing on Linux as that is what the server application is installed on.
server.xml config would be
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/tomcat"
       connectionName="tomcat" connectionPassword="tomcat"
       userTable="users" userNameCol="user_name"
       userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"
       accstatusCol="accountstatus" acclockouttry="3"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
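The three points discussed in this thread (a default of 3 tries when nothing is configured, an in-memory fallback when the connection is read-only, and reporting lockouts through the standard log), as an added Java example. It is not the patch attached to the original mail and not Tomcat code; `LockoutTracker`, `LockStore` and their methods are hypothetical names.

```java
import java.sql.SQLException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

/** Hypothetical helper; not Tomcat's JDBCRealm or the patch attached to this thread. */
public class LockoutTracker {
    /** Hypothetical hook that sets the account-status column for one user. */
    public interface LockStore { void lock(String user) throws SQLException; }

    static final int DEFAULT_MAX_TRIES = 3; // applies when acclockouttry is absent or invalid
    private static final Logger LOG = Logger.getLogger(LockoutTracker.class.getName());
    private final int maxTries;
    private final LockStore store; // null when no status column is configured
    private final ConcurrentHashMap<String, Integer> failures = new ConcurrentHashMap<>();
    private final Set<String> lockedInMemory = ConcurrentHashMap.newKeySet();

    public LockoutTracker(String configuredTries, LockStore store) {
        this.maxTries = parseTries(configuredTries);
        this.store = store;
    }

    static int parseTries(String value) {
        if (value == null) return DEFAULT_MAX_TRIES;
        try {
            int n = Integer.parseInt(value.trim());
            return n > 0 ? n : DEFAULT_MAX_TRIES;
        } catch (NumberFormatException e) { return DEFAULT_MAX_TRIES; }
    }

    /** Call after a failed password check; returns true once the account is locked. */
    public boolean recordFailure(String user) {
        int count = failures.merge(user, 1, Integer::sum);
        if (count < maxTries) return false;
        lockedInMemory.add(user); // enforced locally even if the database write fails
        String safe = user.replaceAll("[\\r\\n]", "_"); // keep user input from forging log lines
        if (store != null) {
            try {
                store.lock(user);
            } catch (SQLException e) { // e.g. the realm only has a read-only connection
                LOG.warning("Lock for " + safe + " kept in memory only: " + e.getMessage());
            }
        }
        LOG.warning("Account locked after " + count + " failed logins: " + safe);
        return true;
    }
    /** Call after a successful login to reset the counter. */
    public void recordSuccess(String user) { failures.remove(user); }
    /** Check this before comparing passwords; a database-side lock is checked separately. */
    public boolean isLocked(String user) { return lockedInMemory.contains(user); }
}
```

The in-memory state is per JVM: it is lost on restart, is not shared across cluster nodes, and grows with every distinct username that fails, so bound or expire it in a real deployment.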