-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
| Filip Hanik wrote:
|> if someone gets onto your machine as an super user, you have bigger
|> problem than the password being in clear text
|
| That is the answer everyone gives in tomcat forums all over the
| internet
Hi kevin,
Thnaks a lot for your answer, but there is no user input. The password is for
database access porpuses and is stored in context.xml file...
It seems to me there is no solution at all for this issue, unless beleive
server access are safe...
Thank you!
Marcus
-Mensagem original--
Filip thanks for your reply,
>> 1. make sure tomcat runs as an account that can't login
Right, that is done
>> 2. make any file that contains secure information readonly, and readable
>> only by the tomcat user
Done too
>> if someone gets onto your machine as an super user, you have bigger pr
