> From: Darryl Lewis [mailto:darryl.le...@unsw.edu.au] > Subject: Re: running tomcat6 under a different user than root (debian)
> Use encryption > http://java.sys-con.com/node/393364 Sorry, that just moves the problem. The article completely ignores the issue of where to put the decryption key - which must be in plain text somewhere. As Mark pointed out, obfuscation != security. - Chuck P.S. Interesting that the author of that article was using a Tomcat already three years old at the time of publication; doesn't really help the somewhat questionable credibility. (Reference implementations shouldn't be used in production? Where did he get that one?) THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org