Re: Connection Pool (was Re: Can anyone explain this to me.)

Fri, 26 Mar 1999 06:03:32 -0500 

On Fri, 26 Mar 1999, Tony Obermeit wrote:

> What about using a servlet parameter for the passwords?  They wouldn't be
> hard-coded and I assume the web server will allow the parameters to be
> stored in a secure fashion?  Furthermore, you could encrypt the parameter
> or even the password which you hard-code in the .class file.

And how do you provide/protect the password wich will be used to decrypt the
password used by the pool to connect to the database? There is a point
where you choose either to keep all necessary information needed
to connect to the database accessible to your application,
or require some user intervention to provide a more-protected password.

Cezar
>
> Tony
>
> Message text written by "A mailing list for discussion about Sun
> Microsystem's Java Servlet API Technology."
> >a)  The .class files are hard-coded with the sa password, which means
> that it exists as a legible string within the .class file and can be
> read by anyone who gets access to it.  While you might restrict access
> to the server on which the servlet runs, this is no guarantee, which is
> why passwords are usually encrypted in the server's files...
> <
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>


Cezar Totth                             email:  [EMAIL PROTECTED]
                                        Fax:    (401) 220 33 95
Genesys Software Romania                Phone:  (401) 638 49 44
Stefan Furtuna 169, sect.6
cod 77171, Bucharest
Romania

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to