From: David Smith
To: Tomcat Users List
Subject: Re: (More) Hiding Password from server.xml
Date: Tue, 26 Jun 2007 22:59:53 -0400
Message-ID: <4681D2A9.3020602@cornell.edu>
In-Reply-To: <11312799.post@talk.nabble.com>

Best I can think of is to write your own class to initialize a db pool and pull the password from a file encrypted with the server's public key (assuming it has an SSL cert). To get the password from such a file requires the server's private SSL key, which should be protected like the Hope Diamond anyway. I'll let you do the rest from there or modify it to fit your needs.

--David

jmaltais wrote:
> Hi gang!
>
> I know this has been discussed before. I want to completely remove the
> password from the server.xml file. It is only readable by root but that is
> not good enough for me.
> Some ideas:
> * Hardcoding in a JDBC driver but then it can be taken and used by anybody.
> * What about a subclassed Datasource with the specific login info there?
> The problem is I don't want to have to always need to build tomcat from
> source. Anyone have an answer or have tried this before?
>
> More thoughts?
>
> Cheers!
> J
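
The approach suggested in the reply above, sketched with JDK classes only. This is an added example, not code from the original message or from Tomcat. The class name EncryptedDbPassword, the methods seal and open, the OAEP transformation and the sample password are assumptions, and the key pair is generated inline as a constructed stand-in for the server's SSL key.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class EncryptedDbPassword {
    // RSA with OAEP padding (assumed choice; the message names no algorithm).
    private static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /** Admin-side step: encrypt the password with the server's public key. */
    static byte[] seal(PublicKey serverPublicKey, char[] password) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, serverPublicKey);
        return c.doFinal(new String(password).getBytes(StandardCharsets.UTF_8));
    }

    /** Server-side step: recover the password using the server's private key. */
    static char[] open(PrivateKey serverPrivateKey, Path sealedFile) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, serverPrivateKey);
        byte[] plain = c.doFinal(Files.readAllBytes(sealedFile));
        return new String(plain, StandardCharsets.UTF_8).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the server's SSL key pair; a real deployment
        // would load it from the keystore that already holds the certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();

        // Constructed sample password, sealed into a temporary file.
        Path sealed = Files.createTempFile("dbpass", ".bin");
        Files.write(sealed, seal(server.getPublic(), "constructed-sample-pw".toCharArray()));

        char[] password = open(server.getPrivate(), sealed);
        // A custom pool initializer would hand `password` to its DataSource here
        // instead of reading a password attribute from server.xml.
        System.out.println("recovered " + password.length + " chars");
        Arrays.fill(password, '\0'); // clear the copy this code controls
        Files.delete(sealed);
    }
}
```

The sealed file is only as well protected as the private key: any account that can read the key, and the keystore password if one is set, can recover the database password.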