Url pointing to XML file..

[Tokhra]

Hi all,

I've just written a xml authentication javabean, however im referencing the file via a url like so:

http://localhost:8080/users.xml

Is this the best way to do this? and lock out anyone but system from accessing the file? or should I take a c:\ approach?

Also whats the best way to store this url string so that when I send the code to my client they dont need me to compile it to install? a .ini file or something?

Any advice please?
Thanks,
Matt.

 

[sedj]

User validation is usually done via a database rather than a text file (such as xml), but if you must validate against a text file, I would certainly not publish it on a website. If you put the file in a dir such as context_root/password of your webapp, you can protect it (ie not display it) by using security filters if using tomcat 5 (and I think also v4). See :

http://javapronews.com/2003/0408.html

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/servletapi/index.html

http://www-106.ibm.com/developerworks/java/library/j-tomcat/?open&l=101,t=grj,p=TomcatTricks

I would also look into encrypting your passwords using the javax.crypto package.