This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 687372b Add a note on securing the JDBC store
687372b is described below
commit 687372b2066ed8d6f72b5ba327e4e9544a7a6b6a
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Mar 2 21:58:23 2021 +0000
Add a note on securing the JDBC store
---
webapps/docs/security-howto.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 4a2de46..e6caca1 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -456,6 +456,12 @@
<p>The <strong>persistAuthentication</strong> controls whether the
authenticated Principal associated with the session (if any) is included
when the session is persisted during a restart or to a Store.</p>
+
+ <p>When using the <strong>JDBCStore</strong>, the session store should be
+ secured (dedciated credentials, appropriate permissions) such that only
+ the <strong>JDBCStore</strong> is able to access the persisted session
+ data. In particular, the <strong>JDBCStore</strong> should be accessible
+ via any credentials available to a web application.</p>
</subsection>
<subsection name="Cluster">
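Review bot: The last added sentence, "the JDBCStore should be accessible via any credentials available to a web application", is missing a negation and states the opposite of the sentence before it, which says only the JDBCStore should be able to access the persisted session data. It should read "should not be accessible via any credentials available to a web application". In the second added line, "dedciated" is a typo for "dedicated".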