This isn't what I want to do. In this way, you described, the web application can also obtain a DataSource and so a connection to the user database.
We have a tomcat admin, which sets up the user database. And a lot of people which writes web application. The tomcat admin wants to protect the userdatabase in the way that no application has access to it. Gernot -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Montag, 19. J�nner 2004 15:00 An: [EMAIL PROTECTED] Betreff: RE: DataSource Realm This is probably not the only way to accomplish what you want, but a simple one to code for. 1)Define your DataSource resource in <GlobalNamingResources> of conf/server.xml. 2)Add a <ResourceLink> to the DataSource in the application context file in conf/Catalina/<yourserver>/<yourapp>.xml This way the only applications that are able to access the datasource are the ones with a <ResourceLink> entry. -----Original Message----- From: ext Pfingstl Gernot [mailto:[EMAIL PROTECTED] Sent: Sunday, January 18, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: DataSource Realm If I want to use a DataSourceRealm (tomcat 4.1) like <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="java:/comp/env/jdbc/authority" ... /> I had to configure a JNDI named JDBC DataSource "java:/comp/env/jdbc/authority". So all web applications can also use this DataSource and can read the user-table - this is possibly a security hole. Is there a way to prohibit web applications to use this DataSource? Thanks, Gernot --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
