I probably didn't state my question more clearly. What I actually want to encrypt is the dblogin passwd, not the user login to tomcat. Is there a way to do that?
Thanks for the reply! Cathy -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Thursday, March 25, 2004 10:49 AM To: Tomcat Users List Subject: RE: How to Secure my Passwd Info from server.xml file? Hi, No, you have to write a custom realm for this. A couple of others have asked in the past, so you may wish to search the archives to see if they posted their solutions. If you come up with something nice and generic, it'd be a nice donation to tomcat ;) Yoav Shapira Millennium Research Informatics >-----Original Message----- >From: Cathy Hui [mailto:[EMAIL PROTECTED] >Sent: Thursday, March 25, 2004 1:41 PM >To: [EMAIL PROTECTED]; tomcat-user- >[EMAIL PROTECTED]; [EMAIL PROTECTED]; tomcat- >[EMAIL PROTECTED] >Subject: How to Secure my Passwd Info from server.xml file? > >I am trying to solve a security issue with my webapp. We are using >tomcat's connection pooling for our webapp. The database username and >password be specified in the server.xml file (as shown below). > >Is there a way to encrypt the password, and tomcat should decrypt the >password before establishing the database connection. We are trying to >do this without changing the tomcat code itself. Is it a setting in >tomocat, or is there a 3rd party software? > >Any suggestions/solutions are appreciated. Thanks ><Resource name="jdbc/iOQDB" auth="Container" >type="javax.sql.DataSource"/> <ResourceParams name="jdbc/iOQDB"> ><parameter> ><name>username</name> ><value>myuser</value> ></parameter> ><parameter> ><name>password</name> ><value>mypassword</value> ></parameter> ></ResourceParams> > >Thanks! > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
