Re: Encrypt Cleartext Resource Password

Wed, 16 Aug 2006 04:19:41 -0700

There is no way built in to tomcat to obfuscate the password on a JNDI resource. It's been discussed here on the list and the general concensus is to secure the server.xml file from prying eyes using file permissions and general server configuration. 

--David

Darren wrote:
I tried adding digest="MD5" as you advised, but it's not being used. If the password is left in cleartext (with digest="MD5") the connection works fine, but if the MD5 version of the password is used it fails to connect to the database. 

On 16 Aug 2006, at 10:31, Yassine ELassad (YEL) wrote:


HI Darren,

I guess you need this : digest="MD5"  in your realm definition so it
would look like follow:


<Resource name="jdbc/database" auth="Container"
                 type="javax.sql.DataSource"
                 maxActive="10" maxIdle="15"
                 maxWait="10000"
                 removeAbandoned="true"
                 removeAbandonedTimeout="300"
                 logAbandoned="true"
                 driverClassName="com.mysql.jdbc.Driver"

                 digest="MD5"

                 username="USERNAME"
                 password="PASSWORD"
url="jdbc:mysql://localhost: 3306/DB? autoReconnect=true" 

/>


Greetings, Yassine
Cologne,Germany

On 8/16/06, Darren <[EMAIL PROTECTED]> wrote:


Hi,

I have a JDBC resource configured with tomcat 5.0 (in server.xml) and
it is working fine.

<Resource name="jdbc/database" auth="Container"
type="javax.sql.DataSource" maxActive="10" maxIdle="15"
maxWait="10000" removeAbandoned="true" removeAbandonedTimeout="300"
logAbandoned="true" driverClassName="com.mysql.jdbc.Driver"
username="USERNAME" password="PASSWORD" url="jdbc:mysql://localhost:
3306/DB?autoReconnect=true" />

I would like to specify the PASSWORD in an encrypted, or at least
encoded, form so it is not cleartext.  Checking the docs I see
mention of a digest parameter, but I cannot find any reference to
using this with regard to a JDBC resource.  Is such a thing
possible?  If not, perhaps someone could point me to the relevant
parts of the source code I need to subclass in order to make it
possible.

Thanks,
Darren





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to