I am using struts way of handling database using struts-config.xml. Where would I
encrypt it?
-----Original Message-----
From: Ernest Jones [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: How have others handled management concerns over storing
database userid and password in struts-config.xml?
If they're not getting the firewall reasoning, you could encrypt it, using
sun's JCE api's. That might help your bosses feel better.
----- Original Message -----
From: "Shamdasani Nimmi-ANS004" <[EMAIL PROTECTED]>
To: "struts-user@jakarta. apache. org (E-mail)"
<[EMAIL PROTECTED]>
Sent: Wednesday, September 05, 2001 9:24 AM
Subject: How have others handled management concerns over storing database
userid and password in struts-config.xml?
> Hi,
>
> Here's my problem. My management feels that storing the database
account(userid/password)in the config file is a security risk. According to
them a hacker can get access to the whole database if they can get access to
this info.
>
> Supposedly the security team wants to put the application server outside
the Firewall in Quarantine zone and the database behind the FW.
>
> Did any of you had to go thru this issue and how did you explain/resolve
it.
>
> Can someone help me dispel their concern?
>
> TIA.
>
> -Nimmi
>
