tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Security Hole - server.xml
Date Wed, 26 Nov 2003 13:51:16 GMT
The username and password still need decrypted at some time. It just makes 
the attacker jump through 1 hoop.

Using file permissions on the config file as well and server security are the 
ways to go.

-Tim

Curley, Thomas wrote:

> Hi all,
> 
> A direct question arising from a security review :-
> 
>  Using a datasource it is possible to remove the 'username', 'password' or at least encrypt
them using someting like MD5
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message