,
Benz Lim
-Original Message-
From: Paul McCulloch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 12, 2004 8:16 PM
To: 'Struts Users Mailing List'
Subject: RE: [OT] Database password
Why not put the file in area that is accessible only to the right users and
have the app server run under
'
Subject: RE: [OT] Database password
Users cant access this file, but the file can be accessed by
people that
is not from Information Security area (Seguridad Informática). The
password shouldnt be known neither by the application
deployer, nor the
system administrator, but only
Hi:
Our Struts application is currently in production. This applciation uses
an Oracle Database (we are using DBCP from jakarta).
We access this database through url, user a password and we need to
hide the production database password. The password is stored in a
configuration file and is in
, March 11, 2004 3:49 PM
Subject: [OT] Database password
Hi:
Our Struts application is currently in production. This applciation uses
an Oracle Database (we are using DBCP from jakarta).
We access this database through url, user a password and we need to
hide the production database password
From: Guillermo Meyer [mailto:[EMAIL PROTECTED]
How are your Java Applications get connected to production
databases and how is the database password protected?
I make no claims of best practices. My Factory class that produces
(non-JDBC) connections to my database reads a .properties file
-
From: Lucas Gonzalez [mailto:[EMAIL PROTECTED]
Sent: Jueves, 11 de Marzo de 2004 03:56 p.m.
To: Struts Users Mailing List
Subject: Re: [OT] Database password
If the problem is the user accesing the plain text file by typing the
URL in the browser...
a better solution would be to tell apache
: Guillermo Meyer [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 3:59 PM
Subject: RE: [OT] Database password
Users cant access this file, but the file can be accessed by people that
is not from Information Security area (Seguridad Informática
: Thursday, March 11, 2004 7:07 PM
Subject: Re: [OT] Database password
I believe that it will be easier to define a proper security policy in
your
production server than trying to hide the password or encrypt it.
Another option is to hard-code it into your source, but you will loose
some
flexibility
Message -
From: Guillermo Meyer [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 3:59 PM
Subject: RE: [OT] Database password
Users cant access this file, but the file can be accessed by people that
is not from Information Security area
Guillermo, we're also using DBCP.
Our approach is to use our own Properties subclass. This subclass
can read (and decrypt) a previously encrypted property file (using a
2-way dummy encryption algorithm)...
I don't know if this is the best way but it works for us :-)
object
10 matches
Mail list logo