Hi, As a Tomcat user and Java developer, I'd like to add a reply to
http://markmail.org/thread/cipopgduels3d7yh so first off, apologies this isn't a proper email reply, I just signed up to this list specifically to reply to that. Nice to see the list is so busy btw. For #1, recording failed logins etc., my needs are met by using LockOutRealm and configuring to record accesses in the log. However, I'd like to add a really strong vote for #2, more advanced authentication out of the box. We've been happy Tomcat users for a number of years and this is the only concern I have at the moment. My organisation provides software as a service for clients, in the servlet container. Most prospects and clients are rightly very concerned about security and we do as much as we can to mitigate risks. With the recent high profile hacks of the hashed password lists of e.g. LinkedIn and eHarmony, this is on my mind a bit! That's my 2p, many thanks Oliver Kohll www.agilebase.co.uk --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
