[EMAIL PROTECTED] wrote: > Author: markt > Date: Wed Sep 3 15:18:39 2008 > New Revision: 691805 > > URL: http://svn.apache.org/viewvc?rev=691805&view=rev > Log: > Add a new combined Realm that can be used to try authenticating against > multiple realms.
Note that whilst users have been asking for this for a while, I wrote this as the basis for a LockOut Realm (to follow) that will lock out users after a set number of failed logins (with lots of configuration options). This is in response to the incidents back in July/August where it appeared attackers were using brute force attacks to gain access to Tomcat webapps, mainly the admin and manager app. Granted these apps shouldn't be public facing but adding LockOut functionality to the Realms is a good idea from a security point of view. The LockOut Realm will follow when I finish writing it ;) Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
