tomcat-users mailing list archives

From Tim Funk <>
Subject Re: Security Hole - server.xml
Date Wed, 26 Nov 2003 13:51:16 GMT
The username and password still need to be decrypted at some time. It just makes 
the attacker jump through 1 hoop.

Using file permissions on the config file as well as server security are the 
ways to go.


Curley, Thomas wrote:

> Hi all,
> A direct question arising from a security review :-
>  Using a datasource it is possible to remove the 'username', 'password' or at least encrypt
> them using something like MD5
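
A check of the file permissions recommended in the reply above, as an added example that is not part of the original thread. The function name `check_conf_perms` and the policy it enforces (no access for other users, no group write, no world-writable parent directory) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions of a Tomcat config file that holds
# datasource credentials (e.g. conf/server.xml). Policy is an assumption:
# no access for "other", no group write, parent directory not world-writable.

# check_conf_perms FILE
# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if FILE is missing, a symlink, or not a regular file.
check_conf_perms() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "ERROR: $f is missing, a symlink, or not a regular file"
        return 2
    fi

    # First 10 characters of ls -ld are type + rwx triplets, e.g. -rw-r-----
    mode=$(ls -ld -- "$f" | cut -c1-10)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    rc=0

    case $other in
        ---) ;;
        *) echo "FINDING: $f grants '$other' to other users"; rc=1 ;;
    esac
    case $group in
        *w*) echo "FINDING: $f is group-writable"; rc=1 ;;
    esac

    # A world-writable parent directory lets any local user replace the file.
    dir=$(dirname -- "$f")
    dmode=$(ls -ld -- "$dir" | cut -c1-10)
    case $(printf '%s' "$dmode" | cut -c9) in
        w) echo "FINDING: directory $dir is world-writable"; rc=1 ;;
    esac

    return $rc
}

# Stand-alone use: sh check.sh /path/to/conf/server.xml
if [ $# -gt 0 ]; then
    check_conf_perms "$1"
fi
```
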
