tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Security Hole - server.xml
Date Wed, 26 Nov 2003 15:59:45 GMT
The link below is for users logging-in (FORM or BASIC). Not for database 
connections.

-Tim

srevilak@g88.net wrote:

>>A direct question arising from a security review :-
>>
>> Using a datasource it is possible to remove the 'username',
>> 'password' or at least encrypt them using someting like MD5
> 
> 
> The Password can be digested.  See
> 
>   http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message