Re: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?

You would want to restrict what kind of access your generic Web user has to the database. If the permissions are set right on the database, then they can't do much they couldn't do from the Website anyway. You should also restrict from where the Web user login can be used. It should only be

RE: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?

handled management concerns over storing databaseuserid and password in struts-config.xml? You would want to restrict what kind of access your generic Web user has to the database. If the permissions are set right on the database, then they can't do much they couldn't do from the Website anyway

Re: How have others handled management concerns over storing databaseuserid and password in struts-config.xml?

Shamdasani Nimmi-ANS004 wrote: Each application user, i.e., a supplier has only access to a subset of the database depending on what he/she is allowed to see but the database account(the account which is used by the application to get the connection pool) has access to the complete database.