This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 735f12e  Add a note on securing the JDBC store
735f12e is described below

commit 735f12e7cc1c955633a03278c8a8920595f24c7a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 2 21:58:23 2021 +0000

    Add a note on securing the JDBC store
---
 webapps/docs/security-howto.xml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 551b118..c26021d 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -456,6 +456,12 @@
       <p>The <strong>persistAuthentication</strong> controls whether the
       authenticated Principal associated with the session (if any) is included
       when the session is persisted during a restart or to a Store.</p>
+
+      <p>When using the <strong>JDBCStore</strong>, the session store should be
+      secured (dedciated credentials, appropriate permissions) such that only
+      the <strong>JDBCStore</strong> is able to access the persisted session
+      data. In particular, the <strong>JDBCStore</strong> should be accessible
+      via any credentials available to a web application.</p>
     </subsection>
 
     <subsection name="Cluster">
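Review bot: the last sentence of the new paragraph ("the JDBCStore should be accessible via any credentials available to a web application") contradicts the sentence before it, which says only the JDBCStore should be able to reach the persisted session data; a "not" appears to be missing, so it should read "should not be accessible via any credentials available to a web application". Also, "dedciated" in the parenthetical should be "dedicated". Since this is the security how-to, consider spelling out what "appropriate permissions" means here: a database account used only by the JDBCStore, limited to the session table, and distinct from any data source exposed to web applications via JNDI, so a compromised or malicious web application cannot read or forge serialized session state (including the persisted Principal described in the preceding paragraph).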


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org