On Tue, 8 May 2001, Manabendra Sarkar wrote: > but if i use external security mechanism, will it be dynamic? i mean to say, > if the admin wants to change his/her password from the application > (using admin interface), how can he/she do that without restarting the > server? > There is no global answer to that question, because it depends on how your security information is looked up. Just as an example of what's possible, consider how Tomcat 4.0 implements container managed security. The default mechanism is a simple XML file that is read once when the app starts up, so any changes require an application restart. However, you can easily configure Tomcat to look up users and roles in a database (via JDBC) or a directory server (via JNDI). In these cases, changes you make to the usernames, their passwords, and their security roles *are* dynamically recognized, because they are looked up every time the user logs on. Craig McClanahan
- Re: Potential Security Flaw in S... Jeff Trent
- RE: Potential Security Flaw in Struts... Christian Cryder
- RE: Potential Security Flaw in Struts... Nanduri, Amarnath
- RE: Potential Security Flaw in Struts... George, Carl
- RE: Potential Security Flaw in Struts... Curt Hagenlocher
- RE: Potential Security Flaw in Struts... Shunhui Zhu
- Re: Potential Security Flaw in Struts... casey kochmer
- RE: Potential Security Flaw in Struts... Anthony Martin
- RE: Potential Security Flaw in Struts... Manabendra Sarkar
- Re: Potential Security Flaw in S... Martin Duffy
- RE: Potential Security Flaw in S... Craig R. McClanahan
- RE: Potential Security Flaw in Struts... Assenza, Chris
- RE: Potential Security Flaw in Struts... Yi-Xiong Zhou
- RE: Potential Security Flaw in Struts... Sean Pritchard
- Re: Potential Security Flaw in S... Jonathan
- RE: Potential Security Flaw ... Christian Cryder
- RE: Potential Security Flaw in Struts... Jon.Ridgway
- Re: Potential Security Flaw in Struts... RAdams2472
- RE: Potential Security Flaw in Struts... SCHACHTER,MICHAEL (HP-NewJersey,ex2)
