Good Morning,

I appreciate everyone's suggestions concerning the security of JAMES and
the MySQL database that the server uses.  The developer group is small
enough to prevent rogue employees through limiting who has access to a
username and changing passwords every two weeks.

Noel, the description of what ports should and should not remain open is
very helpful and we have closed down any ports that may lead to trouble.
In addition, I have made sure that only one username may read or write
to the config.xml file and I am willing enough to leave it unencrypted.
The new passwords we are using are ten characters long and alphanumeric.

Many Thanks,

Hut

-----Original Message-----
From: Steve Brewin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 10, 2003 8:47 AM
To: 'James Users List'
Subject: RE: Securing JAMES database connections



Serge Knystautas wrote:
>
> Steve Brewin wrote:
> > >>Just make config.xml readable only by the account running the
> > >>James server.
> >
> > Works fine technically. The trouble is that copies of files containing
> > secure information do proliferate - as backups, in test environments, in
> > support requests, etc. Having sensitive information, such as passwords,
> > encrypted gives a level of protection in such cases.
>
> Every application that connects to the database has the same issue.  I
> don't know of any web-app containers (Java or Python or Perl or PHP or
> any other language) that do anything special about storing the account
> information, unless you want to do everything on NT and do trusted
> connections.

Serge,

True enough, but things had moved on a little from the original subject
to a discussion as to whether it would be a good idea to add support for
parsing an encrypted field to
org.apache.avalon.framework.configuration.Configuration so that James
could use it for any settings that were considered sensitive.

-- Steve


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
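
The thread's two points, restricting config.xml to the service account and the tendency of copies to proliferate as backups and test files, can be checked together. The following is an added example, not part of the original thread or of the James code base; it assumes POSIX file permissions, and the function name, the directory to scan and the "name contains config.xml" match are illustrative choices.

```python
import os
import stat
import sys


def audit_config_copies(root, service_uid, name="config.xml"):
    """Walk `root` and report every regular file whose name contains `name`
    (config.xml, config.xml.bak, old-config.xml~, ...) that is not owned by
    the service account or that grants any group/other permission bits.
    Returns a sorted list of (path, problem) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if name not in filename:
                continue
            path = os.path.join(dirpath, filename)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_uid != service_uid:
                findings.append((path, "owned by uid %d" % st.st_uid))
            # Any group or other bit means more than one account can use it.
            extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
            if extra:
                findings.append((path, "group/other bits %03o" % extra))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: run as the account that runs the mail server, passing the
    # directory tree to scan (install directory, backup area, test checkout).
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, problem in audit_config_copies(scan_root, os.getuid()):
        print("%s: %s" % (found_path, problem))
```

Running it over backup and test directories as well as the install directory covers the copies that the original permission change does not reach.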

