I'm looking at the authenticate methods (package org.apache.catalina.realm.JDBCRealm and JAASRealm, for example) and wonder what sort of limitations are intended for this code. Are there restrictions regarding which packages can have instances of these classes and/or call "special" methods that handle (for example) passwords? Is there data that "should" not be passed around beyond certain boundaries?
My questions are about design intent. Obviously there are restrictions based on package, "private" designation, etc. But I'm interested in further intended limitations. Could someone theoretically write code that makes inappropriate use of password access, encryption, or decryption methods or even of certain fields or objects? David --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
