The ideal solution is the read protect server.xml so only the appropraite parties are allowed to read it. Anything else is "insecure." (Except having someone type in a password at start up which tomcat doesn't have that functonality)
-Tim
Edwin K. Brown wrote:
Hello, I have set up Tomcat in the standalone mode to do user authorization by using LDAP.
We don't allow anonymous browsing of the LDAP tree, so the connectionUser and connectionPassword attributes have to be used in the JNDIRealm configuration.
However, for obvious reasons, having the user name and password in the server.xml file is not a good idea.
Is there any other way to address this problem?
Thank you.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
