Hi All Secrets are more secure with the use of a Trusted Platform Module (TPM) and / or a Hardware Security Module (HSM).
Secrets need to be protected both at rest and in transit. John Orendt john.p.ore...@medtronic.com -----Original Message----- From: Alan F <shiva...@hotmail.com> Sent: Friday, January 14, 2022 2:05 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: RE: Tomcat 9 Encrpytion of JDBC OK thanks Bill! -----Original Message----- From: Bill Stewart <bstew...@iname.com> Sent: 14 January 2022 19:02 To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat 9 Encrpytion of JDBC On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > Interested to know your best practices on securing jdbc plain text > passwords, in my last place they used a mechanism to encrypt all passwords. > Is this the best method as I read some people don't recommend this. > Any details or procs on best practice appreciated. > The "best practice," generally speaking, is that doing so is basically pointless from a security perspective. https://urldefense.com/v3/__https://cwiki.apache.org/confluence/display/TOMCAT/Password__;!!NFcUtLLUcw!Bhr3E8c3AZFikCj4AHarnHl2emUxh99SUwhynFa-FKWZahvlpv0TmiVo5DveVMgMyg3NbQ$ Bill [CONFIDENTIALITY AND PRIVACY NOTICE] Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
