tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Is it safe ?
Date Sun, 18 Sep 2011 18:39:20 GMT
2011/9/18 PocketA <giorashc@gmail.com>:
>
> Hi,
>
> In my web service (using Tomcat 7.0) I use a datasource to a MySQL database
> configured under context.xml (in my WEB-INF directory) which looks like the

It will be in META-INF, not in WEB-INF.

> following:
>
> <Context>
>
>       <Resource name="jdbc/TestDB" auth="Container"
> type="javax.sql.DataSource" maxActive="100"   maxIdle="30" maxWait="10000"
> username="user" password="pass" driverClassName="com.mysql.jdbc.Driver"
> url="jdbc:mysql://localhost/test_db?autoReconnect=true"/>
>
> </Context>
>
> My question is: Is it safe to store user/pass like this? If not, what is
> commonly used as a safe approach?

Usually it is, but make sure that your webapps and conf folders are
not world-readable.
On Unix systems you'd use the umask command to configure the default
access rights of created files.

I prefer to configure connections in server.xml
(so that the context.xml of the webapp does not have secrets, and can
be stored in svn etc., as well as to use different db configuration on
dev vs. prod).

Regarding the password itself:
http://wiki.apache.org/tomcat/FAQ/Password

Best regards,
Konstantin Kolinko
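
The permission advice in the reply above, as an added example that is not part of the original message: a POSIX shell check that lists world-readable XML files under conf/ and webapps/ carrying a password= attribute, then removes all access for "other". The function names and the sample tree are constructed for illustration; the conf/ and webapps/ layout is the standard Tomcat one.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.
# Assumes the standard Tomcat layout: $base/conf and $base/webapps.

# Print each world-readable *.xml file under conf/ and webapps/ that carries a
# password= attribute, such as the <Resource .../> quoted in the message.
world_readable_secrets() {
    for d in "$1/conf" "$1/webapps"; do
        [ -d "$d" ] || continue
        find "$d" -type f -name '*.xml' -perm -004 | while IFS= read -r f; do
            if grep -q 'password=' "$f"; then printf '%s\n' "$f"; fi
        done
    done
}

# Remove every permission for "other" from both trees (existing files).
strip_world_access() {
    for d in "$1/conf" "$1/webapps"; do
        if [ -d "$d" ]; then chmod -R o-rwx "$d"; fi
    done
}

# Constructed sample tree: one context.xml written under a permissive umask,
# one server.xml written under umask 027 (new files get no "other" bits).
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/conf" "$base/webapps/app/META-INF"
    res='<Resource name="jdbc/TestDB" username="user" password="pass"/>'
    ( umask 022; printf '<Context>%s</Context>\n' "$res" \
        > "$base/webapps/app/META-INF/context.xml" )
    ( umask 027; printf '<Server>%s</Server>\n' "$res" > "$base/conf/server.xml" )
    printf '%s\n' "$base"
}

base=$(make_sample_tree)
echo "before:"; world_readable_secrets "$base"   # lists META-INF/context.xml only
strip_world_access "$base"
echo "after:";  world_readable_secrets "$base"   # lists nothing
rm -rf "$base"
```

The umask only affects files created afterwards, so files that already exist still need the chmod pass.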
