My mistake. I don't know. Sorry.
----- Original Message -----
From: "Shamdasani Nimmi-ANS004" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 05, 2001 9:59 AM
Subject: RE: How have others handled management concerns over storing
database userid and password in struts-config.xml?
> I am using struts way of handling database using struts-config.xml. Where
would I encrypt it?
>
> -----Original Message-----
> From: Ernest Jones [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 05, 2001 10:46 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How have others handled management concerns over storing
> database userid and password in struts-config.xml?
>
>
> If they're not getting the firewall reasoning, you could encrypt it, using
> sun's JCE api's. That might help your bosses feel better.
>
> ----- Original Message -----
> From: "Shamdasani Nimmi-ANS004" <[EMAIL PROTECTED]>
> To: "struts-user@jakarta. apache. org (E-mail)"
> <[EMAIL PROTECTED]>
> Sent: Wednesday, September 05, 2001 9:24 AM
> Subject: How have others handled management concerns over storing database
> userid and password in struts-config.xml?
>
>
> > Hi,
> >
> > Here's my problem. My management feels that storing the database
> account(userid/password)in the config file is a security risk. According
to
> them a hacker can get access to the whole database if they can get access
to
> this info.
> >
> > Supposedly the security team wants to put the application server outside
> the Firewall in Quarantine zone and the database behind the FW.
> >
> > Did any of you had to go thru this issue and how did you explain/resolve
> it.
> >
> > Can someone help me dispel their concern?
> >
> > TIA.
> >
> > -Nimmi
> >
