Gregory,

On 2/12/16 4:19 PM, Dougherty, Gregory T., M.S. wrote:
> On 2/12/16, 3:08 PM, "Leo Donahue" <donahu...@gmail.com> wrote:
> 
> 
>> On Feb 12, 2016 2:58 PM, "Dougherty, Gregory T., M.S." < 
>> dougherty.greg...@mayo.edu> wrote:
>>> 
>>> The web app needs a DB password so it can connect to the DB.
>> 
>> I disagree that the web app needs a password.
> 
> The web app has to be able to read and write to the DB.  That takes
> a password.

I agree with Leo: your application only needs a javax.sql.DataSource.
That can be pre-seeded with a password to make connections. The web
application itself doesn't need to have any authentication information
in it, unless you want to be able to make new connections with
different credentials.

My web applications have nary a username or password to access their
databases, and yet connections to SQL DataSources work perfectly fine.
Multiple dev and test environments, demo, and production. Same code
base. Same revision-control system. No passwords.

>>> How does the Web app get access to the DB, without saving
>>> within the web app anything that someone else could also use to
>>> get access to that DB?
>>> 
>> 
>> Implement your own data source.
> 
> How does the web app connect to the data source?

Tomcat provides a DataSource via JNDI. There are other ways you could
implement this as well, but the JNDI DataSource seems like it should
meet your needs. Except maybe this one:

> My definition of "secure" includes "there exist no files with an
> unencrypted copy of the password".

Do you mean "no files at all" or "no files in revision-control"?
Again, you have to decide whether you trust your administrators.

> How does the data source know that this web app, unlike every
> other web app in existence, is allowed to access the data source?

The container allows you to map data sources to web applications. Use
that facility. And trust your administrators.

> For that matter, how do I set up the data source (whose every
> element is checked into the source code control system that a
> malicious user may have access to) so that it knows the passwords
> of interest?

Why would you check the data source configuration into the
revision-control system? It's not necessary to do that. Do you check
Tomcat's server.xml into revision control?

> That leaves aside the issue that the web app is a production web
> app, which means it can't rely on a non-production data source,
> which means I can't set up my own data source.  But even if I
> could, all the other problems still apply.

If you free yourself from the idea that everything needs to be in one
big revision-control system, it makes things easier. Everybody does
their job: the devs write the software, the admins deploy it. The
admins have the keys to the kingdom (they always do; don't fight it)
and the devs have keys to nothing.

Of course, the devs are writing the software, so if you are truly
paranoid, you need to make sure that the devs aren't stealing secrets
from the admins when the app runs ;)

-chris
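The arrangement described in this message, as an added example that is not part of the original e-mail: the container-side `<Resource>` (shown in the comment) holds the credentials, and the application code only looks the DataSource up by its JNDI name. The resource name `jdbc/AppDB`, the context file name, the driver, URL and account are constructed placeholders, and `AppDb` is a hypothetical helper class.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

/*
 * Container side: written by the admins on the server and kept out of the
 * application's revision control, for example as a per-application context
 * file conf/Catalina/localhost/myapp.xml (all values are placeholders):
 *
 *   <Context>
 *     <Resource name="jdbc/AppDB" auth="Container"
 *               type="javax.sql.DataSource"
 *               driverClassName="org.postgresql.Driver"
 *               url="jdbc:postgresql://db.example.internal:5432/app"
 *               username="app_rw" password="SET-BY-ADMIN-AT-DEPLOY"/>
 *   </Context>
 *
 * Because the Resource is declared inside this application's own Context,
 * it is bound only into this application's java:comp/env namespace.
 */
public final class AppDb {
    // The only database-related value the application code knows.
    private static final String JNDI_NAME = "java:comp/env/jdbc/AppDB";

    private final DataSource dataSource;

    public AppDb() throws NamingException {
        // Tomcat returns a pooled DataSource already seeded with credentials.
        this.dataSource = (DataSource) new InitialContext().lookup(JNDI_NAME);
    }

    /** Borrows a connection and runs a trivial query; no username or password here. */
    public boolean isReachable() {
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement("SELECT 1");
             ResultSet rs = ps.executeQuery()) {
            return rs.next();
        } catch (SQLException e) {
            return false; // log without echoing connection details
        }
    }
}
```

The same WAR can be deployed to dev, test and production unchanged; only the admin-owned context file differs per environment.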