-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yucca Nel,
On 6/2/2010 8:27 PM, yucca...@live.co.za wrote: > There was a question as to why I am using a realm and application > based realm and I have no idea howcome people think I am not using only > tomcat realm? It's not that we think you're using a non-Tomcat Realm: it's that we think you're using the /wrong/ Tomcat Realm. See... JDBCRealm uses its own set of credentials to connect to the database and uses a single Connection object, requiring lots of synchronization to protect that shared resource. Basically, it's not appropriate for production because of those two facts. Instead, we're suggesting that you set up a DataSource and then use a DataSourceRealm which will use a connection-per-authentication-attempt and is much more high-performance. > hibernate is not doing any security related stuff other than persisiting > new users and thier credentials to mysql. Tomcat is only managing > security and hibernate everything else... Hope this clears up > discussion. :) Is hibernate using a Tomcat-created DataSource? If not, you're making your life harder by placing database connection configuration in several places instead of just one. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwGW8IACgkQ9CaO5/Lv0PALlwCgwejhODA7bB92UMEbgpIPGb8R 3RoAn3BXDzQWZ5497EKzaSP1W84Mtqu2 =zCtF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org