tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: (More) Hiding Password from server.xml
Date Wed, 27 Jun 2007 02:59:53 GMT
Best I can think of is to write your own class to initialize a db pool 
and pull the password from a file encrypted with the server's public key 
(assuming it has a ssl cert.).  To get  the password from such a file 
requires the server's private ssl key which should be protected like the 
Hope Diamond anyway.

I'll let you do the rest from there or modify it to fit your needs.

--David


jmaltais wrote:
> Hi gang!
>
> I know this has been discussed before.  I want to completely remove the
> password from the server.xml file.  It is only readable by root but that is
> not good enough for me.  
> Some ideas:
> * Hardcoding in a JDBC driver but then it can be taken and used by anybody.
> * What about a subclassed Datasource with the specific login info there? 
> The problem is I don't want to have to always need to build tomcat from
> source.  Anyone have an answer or have tried this before?
>
> More thoughts?
>
> Cheers!
> J
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message