I am not sure I understand what you mean. For example, if I want to write a login module to have user name, password and domain name (for windows), I probably need to write a custom login module for both the client and server side. In such case, I am hoping that the same user name and password but with a different domain name will be considered as two different users (two separate authentication, nothing shared between the two). I not, it seems to be quite a security hole. If this is correct, I can probably replace the domain name by client generated unique id that will uniquely identify each login request.
Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876566#3876566 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876566 ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
