tomcat-users mailing list archives

From Mark Thomas
Subject Re: running tomcat6 under a different user than root (debian)
Date Fri, 29 Oct 2010 13:29:39 GMT
On 29/10/2010 14:19, Darryl Lewis wrote:
> Are you serious?

Completely. If you have a scheme that encrypts the database username and
password in server.xml and provides genuine additional security over and
above limiting access to server.xml to the user running Tomcat (and
root) I'd love to hear it. I'd also be amazed.

> Why do we bother with SSL then? Let's just send everything in clear text...

Different information in a different environment with different threats.

I never said passwords should never be protected. I was quite specific
that trying to encrypt usernames and passwords in server.xml (or
context.xml for that matter) for database resources is a complete waste
of time.
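
Added example (not part of the message above and not Tomcat project code): a check that a config file such as server.xml is accessible only to the user running Tomcat and root, the control the message relies on. The function name `audit_config`, the strict owner-only reading of the permissions, and the throwaway sample file are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_config(path, allowed_uids):
    """Return findings for one config file; an empty list means access is limited."""
    st = os.stat(path)
    findings = []
    if st.st_uid not in allowed_uids:
        findings.append(f"owner uid {st.st_uid} is not the Tomcat user or root")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} grants access to group or others")
    # A parent directory writable by others lets them replace the file itself.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    writable = stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH)
    sticky = parent.st_mode & stat.S_ISVTX
    if writable and not sticky:
        findings.append("parent directory is writable by group or others")
    return findings


def demo():
    """Audit a constructed server.xml with a loose mode, then a tight one."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        path = os.path.join(d, "server.xml")
        with open(path, "w") as f:
            # Constructed sample content, not a real credential.
            f.write('<Resource username="app" password="example"/>\n')
        allowed = {os.getuid(), 0}  # assumption: current user stands in for the Tomcat user
        os.chmod(path, 0o644)
        loose = audit_config(path, allowed)
        os.chmod(path, 0o600)
        tight = audit_config(path, allowed)
        return loose, tight


if __name__ == "__main__":
    loose, tight = demo()
    print("0644:", loose)
    print("0600:", tight)
```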

