I have been testing the datasource database realm in combination with the
new Tomcat database pool and it seems to work fine.
However, I would like to know if you guys use the same database pool for your
application or a separate pool for the application and a separate pool for
the realm.

But if the user has the session, then he or she can change the user
credentials (of course only for this site, unless the password is shown in
the system, which would be really bad) or, if the user has enough rights,
add a new user which can be used by the hacker.
Remember how easy it is to hijack

We are running the 64-bit version of Java VM 1.6_06 together with Apache
Tomcat 6.0.32 on a 64-bit Windows Server 2003.
After we installed the latest security updates this Wednesday to Windows,
the Java VM running Tomcat started to crash (it has now happened three
times).
After some investigation it