If I want to use a DataSourceRealm (tomcat 4.1) like <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="java:/comp/env/jdbc/authority" ... /> I had to configure a JNDI named JDBC DataSource "java:/comp/env/jdbc/authority". So all web applications can also use this DataSource and can read the user-table - this is possibly a security hole. Is there a way to prohibit web applications to use this DataSource?
Thanks, Gernot --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
