Hi, in my opinion the possibility to use a user with password to connect the database would make sense. May be that these parameters should be asked by a popup window during starting of Tomcat so that they are not stored in the configuration file. Hacking the file system is much easier than the database. I have attached two source file doing thi suggestion. Best regards Thomas Mäsing
Created attachment 1336 [details] change JDBCStore
Created attachment 1337 [details] The popup window
Created attachment 7047 [details] Adds user and password support to JDBCStore.
Created attachment 7048 [details] webapps/tomcat-docs/config/manager.xml
I have attached two diff patches. They are based on Tomcat 4.1.24 source. The patch dated 07/02/03 04:50 applies to jakarta-tomcat-4.1.24-src/catalina/src/share/ org/apache/catalina/session/JDBCStore.java to support username and password authentication. The patch dated 07/02/03 05:03 applies to jakarta-tomcat-4.1.24-src/webapps/tomcat- docs/config/manager.xml to add documentation for using the new parameters in JDBCStore.java.
*** This bug has been marked as a duplicate of bug 25889 ***