Serge Knystautas wrote: > > Steve Brewin wrote: > >>Just make make config.xml readable only by the account > running the James > > server. > > > > Works fine technically. The trouble is that copies of files > containing > > secure information do proliferate - as backups, in test > environments, in > > support requests, etc. Having sensitive information, such > as passwords, > > encrypted gives a level of protection in such cases. > > Every application that connects to the database has the same > issue. I > don't know of any web-app containers (Java or Python or Perl > or PHP or > any other language) that does anything special about storing > the account > information, unless you want to do everything on NT and do trusted > connections.
Serge, True enough, but things had moved on a little from the original subject to a discussion as to wether it would be a good idea to add support for parsing an encrypted field to org.apache.avalon.framework.configuration.Configuration so that James could use it for any settings that were considered sensitive. -- Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
