Re: RES: Resource Security

2007-08-20 Thread Mark Thomas
Milanez, Marcus wrote: Should I always assume that the resources that my application accesses (like a database, for example) don't need additional security, because it is hosted in a server, and if this so-called server was attacked then worse things could actually happen? Generally I would expect w

RES: Resource Security

2007-08-20 Thread Milanez, Marcus
2007 09:21 To: Tomcat Users List Subject: RES: Resource Security Mark, First of all, let me thank you for your detailed response. This list contains lots of qualified people, and I'm really glad I'm part of it because I'm learning more and more every day. All the reasons yo

RES: Resource Security

2007-08-20 Thread Milanez, Marcus
ut I can't find a good answer... I'm just exposing some ideas. Thank you all for your attention once more. This community is really great. Yours, Marcus Milanez -Original message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Saturday, 18 August 2007 00:31 P

Re: Resource Security

2007-08-17 Thread Mark Thomas
Christopher Schultz wrote: > Andrew, > > Andrew Hole wrote: >> Is it possible to encrypt the password on Resource setup? > > No (still). And for good reason. First of all, why does the resource password need to be encrypted? The threat is that an attacker gains unauthorised access to the box locally

RES: Resource Security

2007-08-17 Thread Milanez, Marcus
: Resource Security Andrew, Andrew Hole wrote: > Is it possible to encrypt the password on Resource setup? No (still). -chris PS Yes, you can write your own data source manager that decrypts the credentials or whatever, but then you have to store /t

Re: Resource Security

2007-08-17 Thread Christopher Schultz
Andrew, Andrew Hole wrote: > Is it possible to encrypt the password on Resource setup? No (still). -chris PS Yes, you can write your own data source manager that decrypts the credentials or whatever, but then you have to store /that/ password somewhere.

Re: Resource Security

2007-08-17 Thread David Smith
Nope. You could write your own db pool init code in a ServletContextListener and then do anything you want as far as how to store the pool configuration if you really need to encrypt the password. The standard tomcat configuration files don't offer any facility for encrypting passwords thoug

Resource Security

2007-08-17 Thread Andrew Hole
Is it possible to encrypt the password on Resource setup? Thanks, Andrew