james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Serge Knystautas <ser...@lokitech.com>
Subject Re: Securing JAMES database connections
Date Wed, 10 Sep 2003 13:42:04 GMT
Steve Brewin wrote:
>>Just make make config.xml readable only by the account running the James
> server.
> 
> Works fine technically. The trouble is that copies of files containing
> secure information do proliferate - as backups, in test environments, in
> support requests, etc. Having sensitive information, such as passwords,
> encrypted gives a level of protection in such cases.

Every application that connects to the database has the same issue.  I 
don't know of any web-app containers (Java or Python or Perl or PHP or 
any other language) that does anything special about storing the account 
information, unless you want to do everything on NT and do trusted 
connections.

-- 
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message