tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From srevi...@g88.net
Subject Re: Security Hole - server.xml
Date Wed, 26 Nov 2003 15:55:10 GMT
> A direct question arising from a security review :-
>
>  Using a datasource it is possible to remove the 'username',
>  'password' or at least encrypt them using someting like MD5

The Password can be digested.  See

  http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Passwords

-- 
Steve



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message