This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 63300af Add a note on securing the JDBC store
63300af is described below
commit 63300af16bcf90414f51323b82bbcbbc0ebe3a87
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 2 21:58:23 2021 +0000
Add a note on securing the JDBC store
---
webapps/docs/security-howto.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 34c62da..b986dc7 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -464,6 +464,12 @@
<p>The <strong>persistAuthentication</strong> controls whether the
authenticated Principal associated with the session (if any) is included
when the session is persisted during a restart or to a Store.</p>
+
+ <p>When using the <strong>JDBCStore</strong>, the session store should be
+ secured (dedciated credentials, appropriate permissions) such that only
+ the <strong>JDBCStore</strong> is able to access the persisted session
+ data. In particular, the <strong>JDBCStore</strong> should be accessible
+ via any credentials available to a web application.</p>
</subsection>
<subsection name="Cluster">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
