On 2/12/16, 3:08 PM, "Leo Donahue" <donahu...@gmail.com> wrote:
>On Feb 12, 2016 2:58 PM, "Dougherty, Gregory T., M.S." < >dougherty.greg...@mayo.edu> wrote: >> >> The web app needs a DB password so it can connect to the DB. > >I disagree that the web app needs a password. The web app has to be able to read and write to the DB. That takes a password. > >> How does the Web app get access to the DB, without saving within the web >> app anything that someone else could also use to get access to that DB? >> > >Implement your own data source. How does the web app connect to the data source? How does the data source know that this web app, unlike every other web app in existence, is allowed to access the data source? For that matter, how do I set up the data source (whose every element is checked into the source code control system that a malicious user may have access to) so that it knows the passwords of interest? That leaves aside the issue that the web app is a production web app, which means it can¹t rely on a non-production data source, which means I can¹t set up my own data source. But even if I could, all the other problems still apply. -- Gregory Dougherty Sr. Analyst/Programmer | Information Technology Information Technology (507) 284-8493 | dougherty.greg...@mayo.edu --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
