Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 60506 invoked from network); 17 Dec 2007 19:21:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 17 Dec 2007 19:21:31 -0000 Received: (qmail 78221 invoked by uid 500); 17 Dec 2007 19:21:17 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 78180 invoked by uid 500); 17 Dec 2007 19:21:17 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 78168 invoked by uid 500); 17 Dec 2007 19:21:17 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 78165 invoked by uid 99); 17 Dec 2007 19:21:16 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Dec 2007 11:21:16 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 17 Dec 2007 19:21:03 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id EF30E714272; Mon, 17 Dec 2007 11:21:06 -0800 (PST) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 44085] New: - Encryption of password in server.xml JNDI datasource Message-ID: X-Bugzilla-Reason: AssignedTo Date: Mon, 17 Dec 2007 11:21:06 -0800 (PST) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=44085 Summary: Encryption of password in server.xml JNDI datasource Product: Tomcat 4 Version: 4.1.27 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: Unknown AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: vikram.ravindran@infor.com Hello, I have set up a JNDI datasource in accordance with the instructions given in the JNDI Datasource HOWTO, and it works. However, the passwords in all the sample "ResourceParams" blocks are in plaintext (i.e. unencrypted) which could create a security issue. I can't seem to find anything in the Tomcat 4 docs that explains how to encrypt the password field. Are there any plans to add encryption to the server.xml file to protect password information? Or is there an undocumented way of doing this? Thank you, Vikram Ravindran Infor, Inc. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org