Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 36198 invoked from network); 14 Oct 2005 21:47:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 14 Oct 2005 21:47:36 -0000 Received: (qmail 87319 invoked by uid 500); 14 Oct 2005 21:47:22 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 87127 invoked by uid 500); 14 Oct 2005 21:47:21 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 87116 invoked by uid 99); 14 Oct 2005 21:47:21 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Oct 2005 14:47:21 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [192.63.108.52] (HELO usbb-lacimss2.unisys.com) (192.63.108.52) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Oct 2005 14:47:23 -0700 Received: from USBB-LACGW3.na.uis.unisys.com ([129.224.98.43]) by usbb-lacimss2 with InterScan Messaging Security Suite; Fri, 14 Oct 2005 18:00:05 -0400 Received: from USBB-LACGW3.na.uis.unisys.com ([129.224.98.44]) by USBB-LACGW3.na.uis.unisys.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Oct 2005 17:46:56 -0400 Received: from USRV-EXCH1.na.uis.unisys.com ([129.225.81.6]) by USBB-LACGW3.na.uis.unisys.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Oct 2005 17:46:56 -0400 Received: from USRV-EXCH4.na.uis.unisys.com ([192.61.245.232]) by USRV-EXCH1.na.uis.unisys.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 14 Oct 2005 16:46:55 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: can JNDIRealm connectionPassword be encrypted? Date: Fri, 14 Oct 2005 16:46:54 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: can JNDIRealm connectionPassword be encrypted? Thread-Index: AcXRACRT+uhRrhsXStq7NRtaib27fQABAHwQAAETPFA= From: "Caldarale, Charles R" To: "Tomcat Users List" X-OriginalArrivalTime: 14 Oct 2005 21:46:55.0685 (UTC) FILETIME=[CBAAF750:01C5D108] X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N > From: Klotz Jr, Dennis [mailto:DKlotz@empirix.com]=20 > Subject: RE: can JNDIRealm connectionPassword be encrypted? >=20 > To me and my co-workers that login still represents a large=20 > security risk if someone can gain access to the file=20 > server.xml. If someone can gain access to server.xml, you essentially have a complete breakdown of security for that system. If you don't trust your file system to protect against unauthorized intrusion, any other security considerations are moot. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org