Christopher Schultz wrote:
> Andrew,
>
> Andrew Hole wrote:
>> Is it possible encrypt password on Resource setup?
>
> No (still).
And for good reason.
First off all, why does the resource password need to be encrypted?
The threat is that an attacker gains unauthorised access to the box
locally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew Hole wrote:
> Is it possible encrypt password on Resource setup?
No (still).
- -chris
PS Yes, you can write your own data source manager that decrypts the
credentials or whatever, but then you have to store /that/ password
somewhere.
Nope.
You could write your own db pool init code in a ServletContextListener
and then do anything you want as far as how to store the pool
configuration if you really need to encrypt the password. The standard
tomcat configuration files don't offer any facility for encrypting
passwords thoug
