I commented on this in the following article - http://www.owasp.org/
index.php/Securing_tomcat#Cleartext_Passwords_in_CATALINA_HOME.2Fconf.
2Fserver.xml
In short, no.
There was also some further discussion on one of the OWASP list
recently - https://lists.owasp.org/pipermail/java-project/2007-April/
000150.html
On 30 Apr 2007, at 21:31, Kelly J Flowers wrote:
I'm using Tomcat 5.5 to run a web application. I have the
connection pools
set up and working in the context.xml but the password is in plain
text.
Does anyone know of a way to encrypt the password and username to the
database?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
