db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jill han" <j...@bynum.com>
Subject encrypt database user info in the Torque.properties?
Date Thu, 24 May 2007 22:00:57 GMT
I put database user login data in the Torque.properties as  

torque.dsfactory.default.connection.user = username
torque.dsfactory.default.connection.password = userpassword

At first, I think it is quite common practice. Now somebody questioned
it for the security reason, saying
"Storage of user information in plain text will allow the database
to be compromised if web/app server is hacked."
It was suggested to Encrypt the database details in the configuration
file.

Do you think it is a legitimate concern?
Do you encrypt such data in the configuration file?

Your input is appreciated as always.

Jill



---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org


Mime
View raw message