tomcat-users mailing list archives

From Darryl Lewis <>
Subject Re: running tomcat6 under a different user than root (debian)
Date Fri, 29 Oct 2010 13:19:53 GMT
Are you serious?

Why do we bother with SSL then?  Let's just send everything in clear text...

On 29/10/10 11:03 PM, "Mark Thomas" <> wrote:

On 29/10/2010 12:03, Darryl Lewis wrote:
> Now I have to try and convince them that storing the database connection username and passwords in plaintext is a bad idea...

I trust that the supplier replies that there is nothing wrong with this

The most you'll ever be able to achieve is limiting access to the
username and password to the user running the Tomcat process. Since the
OS provides a fine set of file permissions for doing exactly that, why
bother with anything else?

'encrypting' the username and password will never be anything more than
security by obscurity and that is no security at all.
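
The file-permission approach described in the quoted reply can be audited with a short script. This is an added example, not part of the original thread; the helper name `check_secret_file`, the placeholder path and `SERVICE_USER` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a file holding database
# credentials can be read only by the account that runs Tomcat.
# check_secret_file FILE OWNER   OWNER = user name or numeric uid (hypothetical helper)
# Returns 0 when FILE is a regular file, owned by OWNER, with no group or
# other permission bits set; otherwise prints the reason and returns 1.
check_secret_file() {
    file=$1
    owner=$2
    case $owner in
        ''|*[!0-9]*)
            # Not purely numeric: resolve the name to a uid.
            want_uid=$(id -u "$owner" 2>/dev/null) || {
                echo "FAIL: unknown user '$owner'"; return 1; } ;;
        *)  want_uid=$owner ;;
    esac
    # Refuse symlinks: the permissions that matter are those of the target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"; return 1
    fi
    # ls -ldn prints e.g. "-rw------- 1 1001 1001 ..." (numeric owner).
    read -r mode _links uid _rest <<EOF
$(ls -ldn "$file")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected $want_uid"; return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file mode $mode grants access to group or other"; return 1
    fi
    echo "OK: $file ($mode, uid $uid)"
}

# Command-line use: sh check.sh /path/to/config-with-credentials SERVICE_USER
if [ "$#" -eq 2 ]; then
    check_secret_file "$1" "$2"
fi
```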

