This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push: new dd4f35a Add a note on securing the JDBC store dd4f35a is described below commit dd4f35a08c895f393d6113508afc45022cb78874 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Mar 2 21:58:23 2021 +0000 Add a note on securing the JDBC store --- webapps/docs/security-howto.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 694a7a7..29b96aa 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -453,6 +453,12 @@ <p>The <strong>persistAuthentication</strong> controls whether the authenticated Principal associated with the session (if any) is included when the session is persisted during a restart or to a Store.</p> + + <p>When using the <strong>JDBCStore</strong>, the session store should be + secured (dedciated credentials, appropriate permissions) such that only + the <strong>JDBCStore</strong> is able to access the persisted session + data. In particular, the <strong>JDBCStore</strong> should be accessible + via any credentials available to a web application.</p> </subsection> <subsection name="Cluster"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
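Review bot: The last sentence of the new paragraph in the `persistAuthentication` hunk drops a negation and so says the opposite of what the preceding sentence establishes: "In particular, the JDBCStore should be accessible via any credentials available to a web application" should read "should not be accessible via any credentials available to a web application", otherwise the note appears to recommend exposing persisted session data (including any persisted Principal) to every web application sharing the container. The same paragraph also has a typo, "dedciated" for "dedicated". Suggested wording for the two sentences: "secured (dedicated credentials, appropriate permissions) such that only the JDBCStore is able to access the persisted session data. In particular, the JDBCStore should not be accessible via any credentials available to a web application."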