tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emerson Cargnin <emer...@tre-sc.gov.br>
Subject Re: any standart way to keep passwords encripted???
Date Fri, 02 Apr 2004 19:49:54 GMT
How can I mantain databases passwords without :

- Being put in the code (arghhhh)
- Being in plain text in server.xml (as configured for tomcat)

I use another approache than the pool from tomcat, that consist in a 
separate servlet and a PoolManager, which is accessed in a static way. 
(so other apps can reference the same instance...). In the servlet I 
read the init properties from web-xml that follows a pattern 
(poolname1,dbuser1,dbpass1, and so on for all pools). In the application 
I just as for the pool by the name of it. It works and I can change the 
pool implementation without impacting in any code of the application. We 
are thinking in not let the password in plain text in the web.xml. I 
though of 2 approaches:

- Read the web.xml by a standalone app and encript the password, in my 
connection servlet I read it and decritp it.

- Have a separate file for each pool, this file,encripted, would contain 
info about each pool.

BTW, is there any way to use the same pool for more than one app, using 
tomcat pool configuration ???

thanks in advance
Emerson


Emerson Cargnin wrote:
> Is there any standart way to keep the passwords of databases encripted 
> when creating a pool through tomcat?
> 


-- 
Emerson Cargnin
Analista de Sistemas
Setor de Desenvolvimento de Sistemas - TRE-SC
tel : (048) - 251-3700 - Ramal 3181

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message