tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 彬 乔 <geminiq...@yahoo.com.cn>
Subject How to protect the plain text username and password in the server.xml
Date Fri, 29 Oct 2010 09:19:10 GMT
Dears,

We are using Tomcat 5.5.20 in a RHEL 64bit box. The application running on it is a financial
system. An internal audit indicated that we should not use plain text username and password
in the server.xml, as:

<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
    username="user"
    password="password"
    ...
/>

Is there a way to use encrypted username and password in the server.xml file? Or, use the
username and password as parameters of the startup command, instead of leaving them as plain
text in the server.xml?

Thanks,

Roy Qiao


      


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message