Best I can think of is to write your own class to initialize a db pool
and pull the password from a file encrypted with the server's public key
(assuming it has a ssl cert.). To get the password from such a file
requires the server's private ssl key which should be protected like the
Hope Diamond anyway.
I'll let you do the rest from there or modify it to fit your needs.
--David
jmaltais wrote:
Hi gang!
I know this has been discussed before. I want to completely remove the
password from the server.xml file. It is only readable by root but that is
not good enough for me.
Some ideas:
* Hardcoding in a JDBC driver but then it can be taken and used by anybody.
* What about a subclassed Datasource with the specific login info there?
The problem is I don't want to have to always need to build tomcat from
source. Anyone have an answer or have tried this before?
More thoughts?
Cheers!
J
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
