cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Robins <coc...@peterrobins.co.uk>
Subject Re: Security/encryption
Date Tue, 19 Mar 2002 09:06:57 GMT
That's a different issue, Joe. SSL encrypts the flow, and is not specific to 
Cocoon. I wouldn't expect Cocoon to handle this. I'm wanting to encrypt the 
passwords (or other sensitive data) in the actual XML files, as, for example, 
Apache does with its htpasswd files. IMO, all passwords should be stored in 
encrypted form - doesn't stop the crackers, but makes life more difficult for 
them.


On Monday 18 Mar 2002 2:47 pm, Joseph Jupin wrote:
> I'm going to answer this in terms of an SSL connection
> from a client to your webserver (Apache or Tomcat, etc)...
>  In the Tomcat documentation it states that when an SSL
> connection is made, the connection is encrypted from the
> client to the webserver as in any normal webserver
> situation.  The server itself is responsible for taking
> the encrypted stream, un-encrypting them and then
> forwarding them on to the respective called for agent (in
> this case Cocoon)...  So, Cocoon would only be as secure
> as the level of SSL encryption employed by your container
> webserver (128 bit, for example)...
>
> Please look at the Tomcat startup page and click on their
> Security-HOW-TO section...  cool.
>
> peace.  JOe...
>
> On Sat, 16 Mar 2002 19:30:49 +0000
>
>   Peter Robins <cocoon@peterrobins.co.uk> wrote:
> >On Friday 15 Mar 2002 11:07 pm, Vadim Gritsenko wrote:
> >> How do you handle plain text DB password in the
> >>weblogic's config.xml
> >> file? Or in the JRun server's local.properties file? Or
> >>Tomcat's
> >> server.xml?
> >
> >I don't. I don't use weblogic or jrun, nor do I have
> >passwords in server.xml
> >
> >> I guess that you can apply same technique to the
> >>Cocoon's cocoon.xconf.
> >>
> >> PS Cocoon uses Avalon's JDBC pools, so you may want to
> >>ask this on
> >> Avalon list.
> >
> >the question wasn't specific to DB, but a general
> >question as to whether
> >Cocoon handles encrypted data elements. However, looks
> >like I have the answer
> >- no :-)
> >
> >---------------------------------------------------------------------
> >Please check that your question has not already been
> >answered in the
> >FAQ before posting.
> ><http://xml.apache.org/cocoon/faqs.html>
> >
> >To unsubscribe, e-mail:
> ><cocoon-users-unsubscribe@xml.apache.org>
> >For additional commands, e-mail:
> ><cocoon-users-help@xml.apache.org>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
>
> To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
> For additional commands, e-mail: <cocoon-users-help@xml.apache.org>

---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail: <cocoon-users-help@xml.apache.org>


Mime
View raw message