Hi All,

I'm building a web application using MVC (and hence using Struts). Now for security (Authentication and Authorization) of the application I'm planning to use JAAS. In the process of understanding JAAS I found that the default implementation of the authorization component expects the authorization policy to be specified in a file.

Now in this context my query is: how safe is it to use this file-based authorization policy mapping? From my viewpoint anyone can change this policy file to compromise the security. Instead, isn't it a better approach to put the authorization policy related rules in a database?

Please give your viewpoints.

Regards,
Sourav

