Actually, the keystorePassword for the Tomcat SSL Web Connector is indeed
getting encrypted by the server in the config.xml, so it seems that the
encryption for passwords in config.xml is built-in by default.
[EMAIL PROTECTED] wrote on 02-22-2007 01:24:24 PM:
On 2/22/07, David Jencks [EMAIL
David Jencks [EMAIL PROTECTED] wrote on 02-22-2007 12:01:11 PM:
On Feb 22, 2007, at 6:12 AM, Aman Nanner/MxI Technologies wrote:
Hi,
I have noticed that passwords in plans and configuration files in
Geronimo
(1.2-beta) are not encrypted by the server, and remain in
plaintext.
There is some built-in encryption available. My recollection was that
the server tried to apply it to settings with password in the name,
but it may have changed in 1.2-beta.
Thanks,
Aaron
On 2/22/07, Aman Nanner/MxI Technologies [EMAIL PROTECTED] wrote:
Hi,
I have noticed that
On Feb 22, 2007, at 9:23 AM, Aman Nanner/MxI Technologies wrote:
David Jencks [EMAIL PROTECTED] wrote on 02-22-2007 12:01:11 PM:
On Feb 22, 2007, at 6:12 AM, Aman Nanner/MxI Technologies wrote:
Hi,
I have noticed that passwords in plans and configuration files in
Geronimo
(1.2-beta)
On Feb 22, 2007, at 9:35 AM, Aaron Mulder wrote:
There is some built-in encryption available. My recollection was that
the server tried to apply it to settings with password in the name,
but it may have changed in 1.2-beta.
I haven't found the code that does this, but I think that it
Another approach for the db/jms connectors that I like although I'm
not sure if its completely tested is to leave out the user/pw from
the plans and use Subject based authentication. With this approach
you'd add a login module to the security realm that would insert
appropriate UserPassword
On 2/22/07, David Jencks [EMAIL PROTECTED] wrote:
I haven't found the code that does this, but I think that it encrypts
config.xml rather than any plans. I could be very wrong although
since plans aren't needed at runtime I can't see how encryption could
be applied to them.
I think it's in