> From: WM C [mailto:doublecr...@live.com] > Subject: how to encrypt password in data source config in context.xml > > In the data source declaration, database username, password needs to be > provided, and they are in plain text!
Think about it: either the password or the decryption key used to decipher the password will have to be in plain text somewhere so that Tomcat can send the password to the DB server. > anybody who can access the server can see the password Why have you allowed "anybody" to have access to the Tomcat configuration files? That should be limited to whoever administers Tomcat. If "anybody" really does have access to your server, you've got a load of problems that are a lot of worse than someone finding the DB password. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
