it's a wasted effort, the one way it could be truly secure, was if
tomcat asked you for a key upon startup. this wouldn't work very well in
a 1000 tomcat instance server farm.
any other effort simply masks the problem, letting you think it is
secure, when it isn't.
what you should do is this
1. make sure tomcat runs as an account that can't login
2. make any file that contains secure information readonly, and readable
only by the tomcat user
if someone gets onto your machine as an super user, you have bigger
problem than the password being in clear text
Filip
Milanez, Marcus wrote:
Hello everyove,
We were asked to eliminate clear text passwords associated to database
pooled connections in context.xml files... I know it has been discussed
a lot, but I would like to ask once again whether someone has a simple,
clean solution for that. We are using Windows server and MS SQL 2005.
One of the options I came across is to use Windows Integratd
authentication instead of database users. Is there any other ideas to
overcome this situation?
Thanks a lot,
Marcus Milanez
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
