The thing is that there are serious security concerns regarding SOX audits... Are there preventative measures about cleartext pass? No, but SOX auditors could easily point out all this stuff as 'unsafe environments'...
Anyway, I'm just trying to enforce security as much as I can in my environment. I just can't assume anything...

Thank you!

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Friday, August 17, 2007 16:43
To: Tomcat Users List
Subject: Re: RES: RES: Context.xml file

Marcus,

Milanez, Marcus wrote:
> I know.. This is quite difficult to address...
>
> Has your company adhered to SOX already?

Erm... correct me if I'm wrong, but SOX is all about public disclosure of bad things happening. There are no preventative measures or anything like that. It's not like SOX says "you can't have cleartext passwords on computers directly connected to the Internet".

Of course, if it did, you could always put your app server on a private subnet and then use a web server in your DMZ. This is my preferred deployment strategy, anyway.

-chris