Noel, > Steve, > > There is little point to having a reversibly encrypted password. Such > things are easily broken.
Well that depends on the cipher used and your definition of 'easy' I guess. > Just make make config.xml readable only by the account running the James server. Works fine technically. The trouble is that copies of files containing secure information do proliferate - as backups, in test environments, in support requests, etc. Having sensitive information, such as passwords, encrypted gives a level of protection in such cases. Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
