RE: Once again, clear text passwords in context.xml files

2008-05-14 Thread Peter Crowther
From: Milanez, Marcus [mailto:[EMAIL PROTECTED] On the other hand, is it right to stay behind a possible security fault (malicious super user performing login) in order to say I'll not correct known security issues in my application? There's a lovely discussion on exactly this topic in

Re: RES: Once again, clear text passwords in context.xml files

2008-05-14 Thread Christopher Schultz
Marcus, Milanez, Marcus wrote: | Filip Hanik wrote: | if someone gets onto your machine as a super user, you have bigger | problem than the password being in clear text | | That is the answer everyone gives in tomcat forums all over the | internet,

Once again, clear text passwords in context.xml files

2008-05-13 Thread Milanez, Marcus
Hello everyone, We were asked to eliminate clear text passwords associated with database pooled connections in context.xml files... I know it has been discussed a lot, but I would like to ask once again whether someone has a simple, clean solution for that. We are using Windows server and MS SQL

Re: Once again, clear text passwords in context.xml files

2008-05-13 Thread Filip Hanik - Dev Lists
it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon startup. this wouldn't work very well in a 1000 tomcat instance server farm. any other effort simply masks the problem, letting you think it is secure, when it isn't. what you should do is

RES: Once again, clear text passwords in context.xml files

2008-05-13 Thread Milanez, Marcus
: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 12:37 To: Tomcat Users List Subject: Re: Once again, clear text passwords in context.xml files it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon startup

Re: Once again, clear text passwords in context.xml files

2008-05-13 Thread Kevin Williams
: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 12:37 To: Tomcat Users List Subject: Re: Once again, clear text passwords in context.xml files it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon startup

RE: Once again, clear text passwords in context.xml files

2008-05-13 Thread Caldarale, Charles R
From: Kevin Williams [mailto:[EMAIL PROTECTED] Subject: Re: Once again, clear text passwords in context.xml files How about hashing the passwords with a known formula and storing them in this intermediate format. App would need to hash the user input and compare. There's no user input

RES: Once again, clear text passwords in context.xml files

2008-05-13 Thread Milanez, Marcus
- From: Kevin Williams [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 14:36 To: Tomcat Users List Subject: Re: Once again, clear text passwords in context.xml files How about hashing the passwords with a known formula and storing them in this intermediate format. App

Re: Once again, clear text passwords in context.xml files

2008-05-13 Thread David Smith
- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 13, 2008 12:37 To: Tomcat Users List Subject: Re: Once again, clear text passwords in context.xml files it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon