-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark,
On 2/21/2009 4:06 PM, Mark Thomas wrote: > 5. Patch DataSourceRealm > > 6. Make case sensitivity configurable and contribute your patch back to > the ASF. 7. Use securityfilter to write your realm, and not be tied to Tomcat. 8. Many databases use case-insensitive string comparisons already. Case-insensitive passwords (probably a bad idea!) will work if you aren't hashing them. If you are, you'll have to lowercase them or something. If you /are/ hashing them, you'll need to do a password migration where anyone who changes their password gets it lowercased but passwords that existed beforehand are still case-sensitive. You cannot avoid this, now matter what your solution is. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmhZ48ACgkQ9CaO5/Lv0PAlOACgrwTelHoTXc0nAbo0+D0rFhez G3YAnjh3JqHj/bLWvFY2vsFFRMTcd7oK =GYQE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
