Wed, 3 Mar 2021 at 00:59, <ma...@apache.org>: > > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this push: > new 63300af Add a note on securing the JDBC store > 63300af is described below > > commit 63300af16bcf90414f51323b82bbcbbc0ebe3a87 > Author: Mark Thomas <ma...@apache.org> > AuthorDate: Tue Mar 2 21:58:23 2021 +0000 > > Add a note on securing the JDBC store > --- > webapps/docs/security-howto.xml | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml > index 34c62da..b986dc7 100644 > --- a/webapps/docs/security-howto.xml > +++ b/webapps/docs/security-howto.xml > @@ -464,6 +464,12 @@ > <p>The <strong>persistAuthentication</strong> controls whether the > authenticated Principal associated with the session (if any) is > included > when the session is persisted during a restart or to a Store.</p> > + > + <p>When using the <strong>JDBCStore</strong>, the session store should > be > + secured (dedciated credentials, appropriate permissions) such that only > + the <strong>JDBCStore</strong> is able to access the persisted session > + data. In particular, the <strong>JDBCStore</strong> should be > accessible > + via any credentials available to a web application.</p>
I think that you meant to use "should not" in the last sentence. Also s/dedciated /dedicated/ > </subsection> > > <subsection name="Cluster">
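Review bot: The last added sentence in the hunk at @@ -464,6 +464,12 @@, "In particular, the JDBCStore should be accessible via any credentials available to a web application", is missing a negation and contradicts the sentence before it, which requires that only the JDBCStore can reach the persisted session data; it should read "should not be accessible". The subject is also off: what has to be kept away from web application credentials is the session store holding the persisted data, not the JDBCStore component, so consider "the session store should not be accessible via any credentials available to a web application". In the first added sentence, "dedciated" should be "dedicated".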