Ok, thank you very much Olaf.
Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, 7 de June de 2021 11:36, Olaf Kock <tom...@olafkock.de> wrote: > On 07.06.21 10:56, xcorpius wrote: > > > Hello again! > > Checking the documentation ... Tomcat can create an encrypted password with > > the "digest.sh" tool for application passwords. > > But you cannot create an encrypted password for the DB in the context.xml > > file. The only solution without adding anything is to give restrictive > > permissions to the context.xml file. > > Wouldn't it be the same problem? Why can't I generate an encrypted password > > for the database with the "digest.sh" tool instead of having to use a > > customized "factory"? > > I think people who develop Tomcat should consider this option. > > Thank you very much to all. > > Sorry, those are not the same: Digested passwords cannot be undigested, > but any digestion of the same password reveals the same digested result, > so that they can be compared. (read about the difference between hashing > and encryption) > > For a database connection, you'll need to undigest (e.g. unencrypt) the > password and get it in clear text. And that's precisely what the FAQ > answers as impossible to do securely (without requiring manual input of > keys at each startup) > > There's nothing here to consider that hasn't been considered before. > > Olaf > > > > > > > > Hi, > > > > > > > I wanted to ask about how to encrypt database passwords in the > > > > > > > context.xml file in Tomcat 9. > > > > > > > Hi, > > > > > > > please check this article: > > > > > > > https://urldefense.com/v3/https://cwiki.apache.org/confluence/display/ > > > > > > > TOMCAT/Password;!!F9svGWnIaVPGSwU!5L0cC3jIaCuRm0q1-FYoVLDsuldYO4StHmkrZWg_Y0z1bdU7NM3IWFdkUykL7W_YAFGN4bM$ > > > > > > > > > > > It covers the topic once and for all... > > > > > > Olaf > > -- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org