-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
| Filip Hanik wrote:
|> if someone gets onto your machine as an super user, you have bigger
|> problem than the password being in clear text
|
| That is the answer everyone gives in tomcat forums all over the
| internet
> From: Milanez, Marcus [mailto:[EMAIL PROTECTED]
> On the other hand, is it right to stay behind a
> possible security fault (malicious super user performing
> login) in order to say I'll not correct known security issues
> in my application?
There's a lovely discussion on exactly this topic in H
a lot!
Marcus
-Mensagem original-
De: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Enviada em: terça-feira, 13 de maio de 2008 12:37
Para: Tomcat Users List
Assunto: Re: Once again, clear text passwords in context.xml files
it's a wasted effort, the one way it could be truly
-
De: Kevin Williams [mailto:[EMAIL PROTECTED]
Enviada em: terça-feira, 13 de maio de 2008 14:36
Para: Tomcat Users List
Assunto: Re: Once again, clear text passwords in context.xml files
How about hashing the passwords with a known forumla and storing them in this
intermediate format. App
> From: Kevin Williams [mailto:[EMAIL PROTECTED]
> Subject: Re: Once again, clear text passwords in context.xml files
>
> How about hashing the passwords with a known forumla and storing them
> in this intermediate format. App would need to hash the user input
> and compare
l security problem. Are
> they seeing a big problem in a small one?
>
> Thanks a lot!
>
> Marcus
>
>
>
>
> -Mensagem original-
> De: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
> Enviada em: terça-feira, 13 de maio de 2008 12:37
> Para: Tomcat Users List
&
ks a lot!
Marcus
-Mensagem original-
De: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Enviada em: terça-feira, 13 de maio de 2008 12:37
Para: Tomcat Users List
Assunto: Re: Once again, clear text passwords in context.xml files
it's a wasted effort, the one way it could be tru
it's a wasted effort, the one way it could be truly secure, was if
tomcat asked you for a key upon startup. this wouldn't work very well in
a 1000 tomcat instance server farm.
any other effort simply masks the problem, letting you think it is
secure, when it isn't.
what you should do is this
Hello everyove,
We were asked to eliminate clear text passwords associated to database
pooled connections in context.xml files... I know it has been discussed
a lot, but I would like to ask once again whether someone has a simple,
clean solution for that. We are using Windows server and MS SQL 200
