DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38577>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38577 Summary: Enhance logging of security failures Product: Tomcat 5 Version: Nightly Build Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P3 Component: Connector:HTTP AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When failing either authentication or access control, Tomcat only logs a debug message. It would be very valuable to log these failures as warnings. This would enable system administrators to watch for patterns, such as password crack attempts or repeated attempts to access unauthorized resources. In addition to upgrading the log entry to a warning, all appropriate data about the failure should be logged, such as the IP, user, resource, etc. I believe this change could be made in the AuthenticatorBase class, which would enhance all subclasses. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
