tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Steitz <>
Subject Re: encrypt passwords for JNDI Resources (Datasource specifically)
Date Fri, 02 Aug 2002 20:52:13 GMT
Jacob Kjome wrote:

>Can someone comment on this?  I'd really like to know if I can digest
>the passwords that I use for my configuration in the Server.xml for
>DBCP Datasources.  Is it possible?  If not, is it planned?
I will leave it to one of the developers to comment on what may be 
planned; but I do not think that what you want to do -- protect the 
uid/pwd data in the config file is currently supported.  It looks to me 
as though the JDBC Datasource provided in Tomcat 4 uses exactly what you 
have in server.xml to connect to the database.  Hashing would add no 
value here, since the hash would be visible in the config file.  

If what you really want to do is to protect the uid/pwd info in the 
file, you need to encrypt (not hash) these data and then create your own 
resource factory that decrypts before attempting the database connection.  

I am also curious about what may be in the works here.  Are there any 
plans to support a "crypto-enabled" version of the commons digester to 
allow entire config files to be encrypted?

Phil Steitz

>Thursday, August 01, 2002, 1:00:16 PM, you wrote:
>JK> Seems to me someone wrote about this before, but I can't find it.  I'm 
>JK> wondering if passwords can be digested in JNDI Resource configuration
>JK> just like one can in the Realm configurations?  I'd rather not store
>JK> the password for my database in cleartext.  The Resource docs don't
>JK> seem to mention anything about digesting passwords.  Is it not
>JK> possible?  If not now, is this feature planned?  I'm using
>JK> Tomcat-4.1.8.
>JK> Jake
>JK> --
>JK> To unsubscribe, e-mail:   <>
>JK> For additional commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message