The link below is for users logging-in (FORM or BASIC). Not for database
connections.
-Tim
srevilak@g88.net wrote:
>>A direct question arising from a security review :-
>>
>> Using a datasource it is possible to remove the 'username',
>> 'password' or at least encrypt them using someting like MD5
>
>
> The Password can be digested. See
>
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|