tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darren <darrensli...@googlemail.com>
Subject Re: Encrypting passwords in the connection pool setup
Date Tue, 01 May 2007 09:37:08 GMT
I commented on this in the following article - http://www.owasp.org/ 
index.php/Securing_tomcat#Cleartext_Passwords_in_CATALINA_HOME.2Fconf. 
2Fserver.xml

In short, no.

There was also some further discussion on one of the OWASP list  
recently - https://lists.owasp.org/pipermail/java-project/2007-April/ 
000150.html


On 30 Apr 2007, at 21:31, Kelly J Flowers wrote:

> I'm using Tomcat 5.5 to run a web application.  I have the  
> connection pools
> set up and working in the context.xml but the password is in plain  
> text.
> Does anyone know of a way to encrypt the password and username to the
> database?


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message