On 28.06.20 19:50, Jürgen Weber wrote: >>>> I would like to know how to encrypt and decrypt the database password in >>>> context.xml when the application is running which also allow me to change >>>> the db password for the purpose of security. >> https://cwiki.apache.org/confluence/display/TOMCAT/Password > Well, I know a chief open source app server that has the password to > decrypt all passwords buried in its open source, and I know auditors > who are good if root cannot read passwords at first sight. The > reasoning behind that is that running java -jar someappserverlib.jar > -decrypt is a deliberate act that a god guy root does not do. So a > hidden password is a step better, even if not in the cryptographic > sense.
Hi Jürgen, I don't get your point here. Are you arguing that the linked wiki article is incorrect, insufficient or invalid? Because I believe that the article documents how to implement everything that you describe on your own, and gives arguments for why this is not implemented out of the box. Best, Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org