A couple of observations:
- If someone can read the context descriptor they pretty much own
Tomcat and probably the server as well. If this person is unauthorised,
you have big problems regardless of whether or not they have read-only
access to the database.
- If the password is encrypted, whe
I thing you can use the Java Security Manager and OS level file
permisssion for this
or wrote your own DataSource JNDI Factory.
Peter
Brett Parsons schrieb:
Hi All,
There is a requirement on the server that we have Tomcat 5.0.28
deployed that no username/password information can be stored i
Hi All,
There is a requirement on the server that we have Tomcat 5.0.28 deployed
that no username/password information can be stored in plaintext (in the
open). Like many people, we are using JNDI datasources in our web
application. The datasource connection information (including the databa