tomcat-dev mailing list archives

From "Chad Johnson" <cjohn...@wspackaging.com>
Subject RE: security of server.xml in tomcat
Date Mon, 09 Jun 2003 18:42:03 GMT
Just a thought, I can't see how having the username and password in code
is any more secure.  Prying eyes could have equal access to both.

Chad Johnson
Web Services Developer
WS Packaging - Wisconsin Label
Tel:(920)487-6271


-----Original Message-----
From: Mohamed Tagari [mailto:tagari@ebi.ac.uk] 
Sent: Monday, June 09, 2003 9:32 AM
To: tomcat-dev@jakarta.apache.org
Subject: security of server.xml in tomcat 


Hi,

Is there any way of instantiating the password and username 
parameters for connecting to a database in the application code rather 
than having it as plain text in the server.xml. 

As having the username and password as plain text is not 
very secure..

Any help/information will be appreciated..

The database will be containing sensitive information, hence all passwords
and usernames have to be protected..

// java code
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.sql.DataSource;
Context init = new InitialContext();
Context ctx = (Context) init.lookup("java:comp/env");
DataSource ds = (DataSource) ctx.lookup("jdbc/myoracle");



// extract from server.xml
<Resource name="jdbc/myoracle" auth="Container"
              type="javax.sql.DataSource"/> 

<ResourceParams name="jdbc/myoracle">
    .
    .
    .
  <parameter>
    <name>username</name>
    <value>scott</value>
  </parameter>
  <parameter>
    <name>password</name>
    <value>tiger</value>
  </parameter>
    .
    .
</ResourceParams>

mo



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
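
Added example, not part of either message and not Tomcat code: a small audit that finds plaintext password parameters in the ResourceParams layout quoted above and reports whether the file's mode lets accounts other than its owner reach it. The sample XML is constructed from the extract in the message; the function names and the SECRET_NAMES set are assumptions of this example.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

SECRET_NAMES = {"password"}  # parameter names treated as secrets (assumption)

def audit_server_xml(path):
    """Return (resources_with_plaintext_password, mode_is_too_open)."""
    root = ET.parse(path).getroot()
    exposed = []
    # ResourceParams/parameter/name+value is the layout shown in the message.
    for params in root.iter("ResourceParams"):
        for p in params.findall("parameter"):
            name = (p.findtext("name") or "").strip().lower()
            value = (p.findtext("value") or "").strip()
            if name in SECRET_NAMES and value:
                exposed.append(params.get("name"))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other bit means accounts other than the owner can reach the file.
    too_open = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    return exposed, too_open

# Constructed sample modelled on the extract in the message (not a real config).
SAMPLE = """<Server><Service><Engine><Host><Context>
  <Resource name="jdbc/myoracle" auth="Container" type="javax.sql.DataSource"/>
  <ResourceParams name="jdbc/myoracle">
    <parameter><name>username</name><value>scott</value></parameter>
    <parameter><name>password</name><value>tiger</value></parameter>
  </ResourceParams>
</Context></Host></Engine></Service></Server>"""

def demo():
    """Write the sample with two different modes and audit each."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "server.xml")
        with open(path, "w") as f:
            f.write(SAMPLE)
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results[mode] = audit_server_xml(path)
    return results

if __name__ == "__main__":
    for mode, (exposed, too_open) in demo().items():
        print(oct(mode), exposed, "readable beyond owner" if too_open else "owner only")
```

The same permission check applies to a class file or properties file holding the credentials, which is the point the reply makes about equal access to both.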



