Encrypted with a symmetric encryption routine or possibly encoded.
Then the key storage becomes an issue, because it clearly can't be
stored securely if the server can restart on its own. This is the
same route a lot of servers like WebSphere use and is known to be
easily decoded/decrypted.
(Yes, I am playing Devil's Advocate. No, I am not saying don't do
this. But be aware of the inherent risks...)
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"[T]he people can always be brought to the bidding of the leaders.
This is easy. All you have to do is to tell them they are being
attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger. It works the same in every country."
--Hermann Goering, Hitler's Reich-Marshall at the Nuremberg Trials
On Apr 2, 2008, at 1:11 PM, Douglas Knudsen wrote:
I've used the approach Charlie outlined before. In both the JMC and
CFAdmin tools the dsn password is encrypted in the xml file.
DK
On 4/2/08, Dean H. Saxe <[EMAIL PROTECTED]> wrote:
But of course any of those configs is vulnerable to the password being
stolen. It's an interesting problem for production boxes and one I
hope to see a whitepaper from Foundstone on soon... ;-)
There are some products out there that allow credentials to be
"checked out" when needed (think like source control), but I have not
yet looked into them.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"What is objectionable, what is dangerous about extremists is not that
they are extreme, but that they are intolerant."
-- Robert F. Kennedy, 1964
On Apr 2, 2008, at 9:41 AM, [EMAIL PROTECTED] wrote:
Hello,
We have some Java application using its own datasource to
connect to the database. This requires either hardcoding the username
and password or putting it in a config file. Is there a way for this
Java app to use datasources defined in ColdFusion so that the Java app
can share the same db connection pool?
Jay Jayaraman
Central Billing Services
Financial Management and Planning
(404) 498-8453 (W)
(404) 273-7131 (C)
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?