On Wed, 2008-09-03 at 23:25 +0100, Mark Thomas wrote:
> [EMAIL PROTECTED] wrote:
> > Author: markt
> > Date: Wed Sep 3 15:18:39 2008
> > New Revision: 691805
> >
> > URL: http://svn.apache.org/viewvc?rev=691805&view=rev
> > Log:
> > Add a new combined Realm that can be used to try authenticating against
> > multiple realms.
>
> Note that whilst users have been asking for this for a while, I wrote this
> as the basis for a LockOut Realm (to follow) that will lock out users after
> a set number of failed logins (with lots of configuration options). This
> is in response to the incidents back in July/August where it appeared
> attackers were using brute force attacks to gain access to Tomcat webapps,
> mainly the admin and manager app. Granted these apps shouldn't be public
> facing but adding LockOut functionality to the Realms is a good idea from a
> security point of view.
>
> The LockOut Realm will follow when I finish writing it ;)

Ah ok, but besides some special functions realms like this LockOut thing, it does not seem to me like good security to store credentials in multiple places :(

Rémy