On Feb 12, 2016 2:35 PM, "Dougherty, Gregory T., M.S." <dougherty.greg...@mayo.edu> wrote:
>
> You are correct, I'm trying to authorize the web app, not the user.
>
> Goal: I am trying to come up with a way for a Tomcat app to securely store
> and retrieve the password it needs to access a DB.
>
> My definition of "secure" includes "there exist no files with an
> unencrypted copy of the password". IIUC, JNDI fails this test.
>
> My requirements include that all web app components are checked in to a
> source control system that malicious users can have read access to.
> --
> Gregory Dougherty

This is a secure password question? This task falls more in line with your enterprise architecture than with a simple common jar file. Think about how you could implement your own data source that reads encrypted passwords from some common location. The Tomcat "app" should not have anything to do with this.

Leo
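
One way to build the kind of custom data source suggested in the reply above, as an added example that is not part of the original thread: a factory for the Tomcat JDBC pool that decrypts the `password` attribute before the pool is created. The class name, the `db.key.file` system property and the ciphertext layout (Base64 of a 12-byte nonce followed by AES-GCM ciphertext and tag) are assumptions made for illustration.

```java
// Added example: not code from the thread or from the Tomcat project.
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.Context;
import javax.sql.DataSource;
import org.apache.tomcat.jdbc.pool.DataSourceFactory;

public class EncryptedPasswordDataSourceFactory extends DataSourceFactory {
    private static final int NONCE_LEN = 12;   // assumed layout: nonce || ciphertext+tag
    private static final int TAG_BITS = 128;

    @Override
    public DataSource createDataSource(Properties properties, Context context, boolean XA)
            throws Exception {
        // The checked-in Resource definition carries only the encrypted value.
        String stored = properties.getProperty("password");
        if (stored != null) {
            properties.setProperty("password", decrypt(stored, loadKey()));
        }
        return super.createDataSource(properties, context, XA);
    }

    // Hypothetical convention: -Ddb.key.file=<path> names a file holding a Base64 AES key.
    static byte[] loadKey() throws Exception {
        String path = System.getProperty("db.key.file");
        if (path == null) {
            throw new IllegalStateException("db.key.file system property is not set");
        }
        String b64 = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        return Base64.getDecoder().decode(b64.trim());
    }

    static String decrypt(String storedBase64, byte[] key) throws Exception {
        byte[] blob = Base64.getDecoder().decode(storedBase64);
        if (blob.length <= NONCE_LEN) {
            throw new IllegalArgumentException("ciphertext too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        // doFinal throws AEADBadTagException if the value was altered or the key is wrong.
        byte[] plain = cipher.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
        return new String(plain, StandardCharsets.UTF_8);
    }
}
```

Point the `<Resource>` element's `factory` attribute at this class and keep the key file outside source control; the key, not the checked-in configuration, is then the secret whose read access has to be restricted.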