tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sri Thuraisamy <sthurais...@basis100.com>
Subject RE: security of server.xml in tomcat
Date Tue, 10 Jun 2003 14:15:15 GMT
Also depends on from whom you want to hide the credentials. If it's from
web client, then based on servlet specifications "The files inside the
WEB-INF folder cannot be accessible by the web client". If you want to
protect from console access users then you can protect by defining
access rights to the web deployment.

ST
 
On Mon, 2003-06-09 at 14:42, Chad Johnson wrote:
> Just a thought, I can't see how having the username and password in code
> is any more secure.  Prying eyes could have equal access to both.
> 
> Chad Johnson
> Web Services Developer
> WS Packaging - Wisconsin Label
> Tel:(920)487-6271
> 
> 
> -----Original Message-----
> From: Mohamed Tagari [mailto:tagari@ebi.ac.uk] 
> Sent: Monday, June 09, 2003 9:32 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: security of server.xml in tomcat 
> 
> 
> Hi,
> 
> Is there any way of instantiating the password and username 
> parameters for connecting to a database in the application code rather 
> than having it as plain text in the server.xml. 
> 
> As having the username and password as plain text is not 
> very secure..
> 
> Any help/information will be apprectiated..
> 
> The database will be containing sensitive information, hence all
> passwords 
> and usernames have to be protected..
> 
> // java code
> Context init = new InitialContext();
> Context ctx = (Context) init.lookup("java:comp/env"); DataSource ds =
> (DataSource) ctx.lookup("jdbc/myoracle");
> 
> 
> 
> // extract from server.xml
> <Resource name="jdbc/myoracle" auth="Container"
>               type="javax.sql.DataSource"/> 
> 
> <ResourceParams name="jdbc/myoracle">
>     .
>     .
>     .
>   <parameter>
>     <name>username</name>
>     <value>scott</value>
>   </parameter>
>   <parameter>
>     <name>password</name>
>     <value>tiger</value>
>   </parameter>
>     .
>     .
> </ResourceParams>
> 
> mo
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
-- 
Sri Thuraisamy <sthuraisamy@basis100.com>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message