This is probably not the only way to accomplish what you want, but a simple one to code for.
1)Define your DataSource resource in <GlobalNamingResources> of conf/server.xml. 2)Add a <ResourceLink> to the DataSource in the application context file in conf/Catalina/<yourserver>/<yourapp>.xml This way the only applications that are able to access the datasource are the ones with a <ResourceLink> entry. -----Original Message----- From: ext Pfingstl Gernot [mailto:[EMAIL PROTECTED] Sent: Sunday, January 18, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: DataSource Realm If I want to use a DataSourceRealm (tomcat 4.1) like <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="java:/comp/env/jdbc/authority" ... /> I had to configure a JNDI named JDBC DataSource "java:/comp/env/jdbc/authority". So all web applications can also use this DataSource and can read the user-table - this is possibly a security hole. Is there a way to prohibit web applications to use this DataSource? Thanks, Gernot --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
