Hi all,
A direct question arising from a security review :-
Using a datasource it is possible to remove the 'username', 'password' or at least
encrypt them using someting like MD5
thanks in advance for your info
Thomas
The username and password still need decrypted at some time. It just makes
the attacker jump through 1 hoop.
Using file permissions on the config file as well and server security are the
ways to go.
-Tim
Curley, Thomas wrote:
Hi all,
A direct question arising from a security review :-
Subject: Re: Security Hole - server.xml
The username and password still need decrypted at some time. It just makes
the attacker jump through 1 hoop.
Using file permissions on the config file as well and server security are the
ways to go.
-Tim
Curley, Thomas wrote:
Hi all,
A direct question
Funk [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 13:51
To: Tomcat Users List
Subject: Re: Security Hole - server.xml
The username and password still need decrypted at some time. It just makes
the attacker jump through 1 hoop.
Using file permissions on the config file as well and server security
if a hacker gets root
priv's ?
thanks
Thomas
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 13:51
To: Tomcat Users List
Subject: Re: Security Hole - server.xml
The username and password still need decrypted at some time. It just makes
Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:53 AM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
I'd feel more secure with an MD5 or SHA1 encrypted user and password that relying on
unix file level security - what happens
A direct question arising from a security review :-
Using a datasource it is possible to remove the 'username',
'password' or at least encrypt them using someting like MD5
The Password can be digested. See
The link below is for users logging-in (FORM or BASIC). Not for database
connections.
-Tim
[EMAIL PROTECTED] wrote:
A direct question arising from a security review :-
Using a datasource it is possible to remove the 'username',
'password' or at least encrypt them using someting like MD5
The
2003 13:51
To: Tomcat Users List
Subject: Re: Security Hole - server.xml
The username and password still need decrypted at some time.
It just makes
the attacker jump through 1 hoop.
Using file permissions on the config file as well and server
security are the
ways to go.
-Tim
, but if they have some brains will get through
eventually.
Greg
thanks
Thomas
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 13:51
To: Tomcat Users List
Subject: Re: Security Hole - server.xml
The username and password still need decrypted
to server.xml
Thomas
-Original Message-
From: Bob Jacoby [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 17:10
To: [EMAIL PROTECTED]
Subject: RE: Security Hole - server.xml
I consider things like this. By encrypting the password I'm protecting against casual
learning
have MD5 to store your
passwords with.
Justin
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 1:13 PM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
Note - in reply to Justin - I don't have a multi-tier login
So
thanks for your time Justin - I will look into this - T
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 18:17
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
Well, right, but if you were to inherit from the realm that you wanted
No prob, good luck.
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 1:21 PM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
thanks for your time Justin - I will look into this - T
-Original Message-
From: Hart
14 matches
Mail list logo