On Sat, 2004-04-03 at 02:10, Parsons Technical Services wrote:
> And if I am in control of the server, then I have access to that certificate
> as well.
>
> The point is simply that with proper permissions your password is as safe as
> it needs to be. If someone gets to it, you have way bigger pro
> > If I can read the server.xml then I can read your .class file the
decrypts
> > it and thus can still get your password.
> I still can use certificate to encript decript...
And if I am in control of the server, then I have access to that certificate
as well.
The point is simply that with prope
Hi. I've had some time to think about this subject especially since
others have brought it up before.
The real honest to goodness problem is that eventually you'll need to
deal with a password. That's just unavoidable. You could encrypt the
password, but that would just need another password
Parsons Technical Services wrote:
Emerson,
- Being in plain text in server.xml (as configured for tomcat)
Protect the file with permissions.
- Read the web.xml by a standalone app and encript the password, in my
connection servlet I read it and decritp it.
- Have a separate file for each pool,
Emerson,
> - Being in plain text in server.xml (as configured for tomcat)
Protect the file with permissions.
> - Read the web.xml by a standalone app and encript the password, in my
> connection servlet I read it and decritp it.
>
> - Have a separate file for each pool, this file,encripted, woul
How can I mantain databases passwords without :
- Being put in the code (arg)
- Being in plain text in server.xml (as configured for tomcat)
I use another approache than the pool from tomcat, that consist in a
separate servlet and a PoolManager, which is accessed in a static way.
(so other a
Is there any standart way to keep the passwords of databases encripted
when creating a pool through tomcat?
--
Emerson Cargnin
Analista de Sistemas
Setor de Desenvolvimento de Sistemas - TRE-SC
tel : (048) - 251-3700 - Ramal 3181
---