RE: How to encrypt db password in tomcat context.xml

2020-06-29 Thread jonmcalexander
-mail and delete this message. Thank you for your cooperation. -Original Message- From: Pesonen, Harri Sent: Monday, June 29, 2020 10:10 AM To: Tomcat Users List Subject: RE: How to encrypt db password in tomcat context.xml I have implemented a Tomcat vault as well, it is basically

RE: How to encrypt db password in tomcat context.xml

2020-06-29 Thread Pesonen, Harri
Message- From: jonmcalexan...@wellsfargo.com.INVALID Sent: maanantai 29. kesäkuuta 2020 17.25 To: users@tomcat.apache.org Subject: RE: How to encrypt db password in tomcat context.xml -Original Message- From: Rémy Maucherat Sent: Monday, June 29, 2020 1:58 AM To: Tomcat Users List

RE: How to encrypt db password in tomcat context.xml

2020-06-29 Thread jonmcalexander
-Original Message- From: Rémy Maucherat Sent: Monday, June 29, 2020 1:58 AM To: Tomcat Users List Subject: Re: How to encrypt db password in tomcat context.xml On Mon, Jun 29, 2020 at 8:03 AM Carsten Klein wrote: > Hi Jürgen and Olaf, > > I can really understand Jürgen's i

Re: How to encrypt db password in tomcat context.xml

2020-06-29 Thread Rémy Maucherat
On Mon, Jun 29, 2020 at 8:03 AM Carsten Klein wrote: > Hi Jürgen and Olaf, > > I can really understand Jürgen's intentions. The core problem is not > security but administrators and so called security panels in > "professional" (non-open source related) companies. I really know this > from my

Re: How to encrypt db password in tomcat context.xml

2020-06-29 Thread Carsten Klein
Hi Jürgen and Olaf, I can really understand Jürgen's intentions. The core problem is not security but administrators and so called security panels in "professional" (non-open source related) companies. I really know this from my own experiences. Maybe that's a German problem, since Germans are

Re: How to encrypt db password in tomcat context.xml

2020-06-28 Thread Jürgen Weber
I'd just put some nice password as byte[] into Tomcat's source code and provide a way to have passwords in the configs encrypted with that nice password. > Use properties replacement so that in the xml config you have ${db.password} > and in conf/catalina.properties you put the password there.

Re: How to encrypt db password in tomcat context.xml

2020-06-28 Thread Olaf Kock
On 28.06.20 19:50, Jürgen Weber wrote: I would like to know how to encrypt and decrypt the database password in context.xml when the application is running which also allow me to change the db password for the purpose of security. >>

Re: How to encrypt db password in tomcat context.xml

2020-06-28 Thread Jürgen Weber
> https://cwiki.apache.org/confluence/display/TOMCAT/Password Well, I know a chief open source app server that has the password to decrypt all passwords buried in its open source, and I know auditors who are good if root cannot read passwords at first sight. The reasoning behind that is that

Re: How to encrypt db password in tomcat context.xml

2020-06-26 Thread Olaf Kock
On 26.06.20 15:05, FANG YAP wrote: > Hi Tomcat, > > I would like to know how to encrypt and decrypt the database password in > context.xml when the application is running which also allow me to change > the db password for the purpose of security.