DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18004 JDBCRealm.authenticate() eats SQLExceptions and should not [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From [EMAIL PROTECTED] 2003-08-08 17:19 ------- As already stated, the realm does logs the exception so any error which is occuring may be discovered by the server administrator. For security purposes, the user should be denied access with the default webapp or container error message. Anything less is a security violation. This will NOT be fixed in tomcat. If this is still an issue, I recommend extending JDBCRealm (which is a non-final class) with your proposed fix and deploy it to $CATALINA_HOME/server/classes dir (as well as following all the needed instructions for writing a custom realm) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
