tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44085] New: - Encryption of password in server.xml JNDI datasource
Date Mon, 17 Dec 2007 19:21:06 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44085>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44085

           Summary: Encryption of password in server.xml JNDI datasource
           Product: Tomcat 4
           Version: 4.1.27
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: vikram.ravindran@infor.com


Hello,

I have set up a JNDI datasource in accordance with the instructions given in 
the JNDI Datasource HOWTO, and it works. However, the passwords in all the 
sample "ResourceParams" blocks are in plaintext (i.e. unencrypted) which could 
create a security issue. I can't seem to find anything in the Tomcat 4 docs 
that explains how to encrypt the password field.

Are there any plans to add encryption to the server.xml file to protect 
password information? Or is there an undocumented way of doing this?

Thank you,
Vikram Ravindran
Infor, Inc.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message