tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <Nikola.Milutino...@ev.co.yu>
Subject Re: JDBC Resource Configuration
Date Tue, 29 Nov 2005 06:37:29 GMT
Martin Dubuc wrote:

>I am defining a number of JNDI resources in the
>server.xml file in the GlobalNamingResources section.
>As part of defining JDBC resources in this section,
>the username and password attributes are specified.
>The password is specified as clear text. I am
>wondering if there are ways to encrypt the passwords
>used for the JDBC resources or if it is possible not
>  
>

Well, you have to give credentials someplace, server.xml seams like a 
good place to do it. It can be made unreadable by users other than tomcat.

>to define at all, but provide it in the Java sources
>instead.
>  
>

??? Isn't that stupid?

Sorry for lashing out, but one of the ideas of defining a JNDI resource 
IS the ability to move connection credentials, among other things, OUT 
of your source. Why would you want every developer on your team 
(including those 20 in India) to know your user/pass for the DB? What is 
the benefit?

Nix.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message