hswritter [http://community.jboss.org/people/hswritter] created the discussion
"question on securing a datasource"
To view the discussion, visit:
http://community.jboss.org/message/570602#570602
--------------------------------------------------------------
I'm currently using an SLSB that validates a user's login to a database where the
database is configured to lock the user's account after several bad password
attempts. If I have a previous valid connection for a user still active in the JBoss
database connection pool and a new login attempt has locked the user's account, I find
an application can still attempt to 'guess' the user's password until the
previous active connection in the pool expires due to the idle timeout setting. An
application can keep guessing the user's password and if it gets it correct, the
previous active connection in the pool allows the application to connect to the database
even if it is originating from a different IP address. Is there a way I can get a
reference to the JBoss database pool to flush out active connections for this situation or
another way to make this more secure?
--------------------------------------------------------------
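The behaviour described in the post, modelled as an added example (not code from the original post or from JBoss). It assumes the pool matches idle connections on the supplied user name and password and reuses a match without contacting the database; `Database`, `Pool`, `FlushingPool`, `login_ok`, `guess_after_lock` and the sample account are constructed for illustration. `FlushingPool` sketches one mitigation: evict a user's idle connections whenever a login for that user is rejected.

```python
class AuthError(Exception): pass

class Database:
    """Constructed stand-in: locks an account after MAX_FAILS bad passwords."""
    MAX_FAILS = 3
    def __init__(self, users):
        self.users, self.fails, self.locked = dict(users), {}, set()
    def connect(self, user, password):
        if user in self.locked:
            raise AuthError("account locked")
        if self.users.get(user) != password:
            self.fails[user] = self.fails.get(user, 0) + 1
            if self.fails[user] >= self.MAX_FAILS:
                self.locked.add(user)
            raise AuthError("bad password")
        return {"user": user}  # stands in for a physical connection

class Pool:
    """Assumed behaviour: an idle (user, password) match is reused without asking the DB."""
    def __init__(self, db):
        self.db, self.idle = db, {}
    def get(self, user, password):
        conns = self.idle.get((user, password))
        return conns.pop() if conns else self.db.connect(user, password)
    def release(self, conn, user, password):
        self.idle.setdefault((user, password), []).append(conn)

class FlushingPool(Pool):
    """Mitigation sketch: a rejected login evicts all idle connections of that user."""
    def get(self, user, password):
        try:
            return super().get(user, password)
        except AuthError:
            self.idle = {k: v for k, v in self.idle.items() if k[0] != user}
            raise

def login_ok(pool, user, password):
    try:
        pool.get(user, password)
        return True
    except AuthError:
        return False

def guess_after_lock(pool_cls):
    """True if the correct password still yields a connection after the lock."""
    pool = pool_cls(Database({"alice": "s3cret"}))  # constructed sample account
    pool.release(pool.get("alice", "s3cret"), "alice", "s3cret")  # earlier session, now idle
    rejected = [login_ok(pool, "alice", bad) for bad in ("a", "b", "c")]  # locks the account
    return login_ok(pool, "alice", "s3cret")
```

With `Pool` the correct password is served from the idle connection even though the database has locked the account; with `FlushingPool` the same request reaches the database and is refused.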