RE: [OT] Database password

2004-03-18 Thread Benz Lim
, Benz Lim -Original Message- From: Paul McCulloch [mailto:[EMAIL PROTECTED] Sent: Friday, March 12, 2004 8:16 PM To: 'Struts Users Mailing List' Subject: RE: [OT] Database password Why not put the file in area that is accessible only to the right users and have the app server run under

RE: [OT] Database password

2004-03-12 Thread Paul McCulloch
' Subject: RE: [OT] Database password Users cant access this file, but the file can be accessed by people that is not from Information Security area (Seguridad Informática). The password shouldnt be known neither by the application deployer, nor the system administrator, but only

[OT] Database password

2004-03-11 Thread Guillermo Meyer
Hi: Our Struts application is currently in production. This applciation uses an Oracle Database (we are using DBCP from jakarta). We access this database through url, user a password and we need to hide the production database password. The password is stored in a configuration file and is in

Re: [OT] Database password

2004-03-11 Thread Lucas Gonzalez
, March 11, 2004 3:49 PM Subject: [OT] Database password Hi: Our Struts application is currently in production. This applciation uses an Oracle Database (we are using DBCP from jakarta). We access this database through url, user a password and we need to hide the production database password

RE: [OT] Database password

2004-03-11 Thread Wendy Smoak
From: Guillermo Meyer [mailto:[EMAIL PROTECTED] How are your Java Applications get connected to production databases and how is the database password protected? I make no claims of best practices. My Factory class that produces (non-JDBC) connections to my database reads a .properties file

RE: [OT] Database password

2004-03-11 Thread Guillermo Meyer
- From: Lucas Gonzalez [mailto:[EMAIL PROTECTED] Sent: Jueves, 11 de Marzo de 2004 03:56 p.m. To: Struts Users Mailing List Subject: Re: [OT] Database password If the problem is the user accesing the plain text file by typing the URL in the browser... a better solution would be to tell apache

Re: [OT] Database password

2004-03-11 Thread Lucas Gonzalez
: Guillermo Meyer [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Thursday, March 11, 2004 3:59 PM Subject: RE: [OT] Database password Users cant access this file, but the file can be accessed by people that is not from Information Security area (Seguridad Informática

Re: [OT] Database password

2004-03-11 Thread Niall Pemberton
: Thursday, March 11, 2004 7:07 PM Subject: Re: [OT] Database password I believe that it will be easier to define a proper security policy in your production server than trying to hide the password or encrypt it. Another option is to hard-code it into your source, but you will loose some flexibility

Re: [OT] Database password

2004-03-11 Thread Vic Cekvenich
Message - From: Guillermo Meyer [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Thursday, March 11, 2004 3:59 PM Subject: RE: [OT] Database password Users cant access this file, but the file can be accessed by people that is not from Information Security area

Re: [OT] Database password

2004-03-11 Thread Daniel Henrique Alves Lima
Guillermo, we're also using DBCP. Our approach is to use our own Properties subclass. This subclass can read (and decrypt) a previously encrypted property file (using a 2-way dummy encryption algorithm)... I don't know if this is the best way but it works for us :-) object