tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: running tomcat6 under a different user than root (debian)
Date Fri, 29 Oct 2010 12:03:05 GMT
On 29/10/2010 12:03, Darryl Lewis wrote:
> Now I have to try and convince them that storing the database connection username and
> passwords in plaintext are a bad idea...

I trust that the supplier replies that there is nothing wrong with this
approach.

The most you'll ever be able to achieve is limiting access to the
username and password to the user running the Tomcat process. Since the
OS provides a fine set of file permissions for doing exactly that, why
bother with anything else?

'encrypting' the username and password will never be anything more than
security by obscurity and that is no security at all.

Mark
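
The following check is an added example, not part of the message above or of Tomcat itself. It audits the file-permission approach the reply describes: the file holding the database credentials should be owned by the account that runs Tomcat and carry no group or other permission bits. The helper name `check_cred_file`, the file path and the account name are assumptions supplied by the caller.

```shell
#!/bin/sh
# check_cred_file FILE OWNER  (hypothetical helper; OWNER is a user name or numeric uid)
# Returns 0 only when FILE is a regular, non-symlink file owned by OWNER with
# no group/other permission bits, inside a directory that group/other cannot write.
check_cred_file() {
    file=$1
    owner=$2
    rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file" >&2
        return 2
    fi

    # Resolve OWNER to a uid; fall back to the literal value if it is already numeric.
    want_uid=$(id -u "$owner" 2>/dev/null) || want_uid=$owner

    # ls -ldn prints "mode links uid gid ..."; keep the mode string and the uid.
    info=$(ls -ldn -- "$file" | awk '{print $1 " " $3}')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected $want_uid" >&2
        rc=1
    fi

    # Mode string: 1 type char, 3 owner chars, then 3 group and 3 other chars.
    case $mode in
        ????------*) ;;
        *) echo "FAIL: $file mode $mode grants group/other access" >&2; rc=1 ;;
    esac

    # A directory writable by group/other lets someone else replace the file.
    dmode=$(ls -ldn -- "$(dirname -- "$file")" | awk '{print $1}')
    case $dmode in
        ?????-??-*) ;;
        *) echo "FAIL: directory mode $dmode is group/other writable" >&2; rc=1 ;;
    esac

    return $rc
}

# Run the check when invoked with FILE and OWNER arguments.
if [ "$#" -eq 2 ]; then
    check_cred_file "$1" "$2"
fi
```

The mode-string test does not look at POSIX ACLs; where `ls` shows a trailing `+` on the mode, inspect the file with `getfacl` as well.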
