I'm going to answer this in terms of an SSL connection from a client to your webserver (Apache or Tomcat, etc)... In the Tomcat documentation it states that when an SSL connection is made, the connection is encrypted from the client to the webserver as in any normal webserver situation. The server itself is responsible for taking the encrypted stream, un-encrypting them and then forwarding them on to the respective called for agent (in this case Cocoon)... So, Cocoon would only be as secure as the level of SSL encryption employed by your container webserver (128 bit, for example)...
Please look at the Tomcat startup page and click on their Security-HOW-TO section... cool. peace. JOe... On Sat, 16 Mar 2002 19:30:49 +0000 Peter Robins <[EMAIL PROTECTED]> wrote: >On Friday 15 Mar 2002 11:07 pm, Vadim Gritsenko wrote: >> >> How do you handle plain text DB password in the >>weblogic's config.xml >> file? Or in the JRun server's local.properties file? Or >>Tomcat's >> server.xml? > >I don't. I don't use weblogic or jrun, nor do I have >passwords in server.xml > >> I guess that you can apply same technique to the >>Cocoon's cocoon.xconf. >> >> PS Cocoon uses Avalon's JDBC pools, so you may want to >>ask this on >> Avalon list. > >the question wasn't specific to DB, but a general >question as to whether >Cocoon handles encrypted data elements. However, looks >like I have the answer >- no :-) > >--------------------------------------------------------------------- >Please check that your question has not already been >answered in the >FAQ before posting. ><http://xml.apache.org/cocoon/faqs.html> > >To unsubscribe, e-mail: ><[EMAIL PROTECTED]> >For additional commands, e-mail: ><[EMAIL PROTECTED]> > --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
