On 29/10/2010 12:03, Darryl Lewis wrote:
> No one should, but I had a supplier recommend to run their application as
> root. All their scripts and configuration instructions were for running as
> root.
> Needless to say I didn't run it as that and rewrote their installation
> scripts.
> Now I have to try and convince them that storing the database connection
> username and passwords in plaintext are a bad idea...

What is the alternative? If the config files containing that information are only readable by the user running Tomcat, and that user doesn't have login access - assuming you're using the service wrapper script to start up, then the information is protected, no?

p
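
The two conditions named in the reply above (config file readable only by the Tomcat user, and that user without login access) can be checked by script. This is an added example, not part of the original message; the account name `tomcat`, the file paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. "tomcat" and the paths are assumptions.
# Usage: audit_secret_file /opt/tomcat/conf/context.xml tomcat /etc/passwd

# Print one colon-separated field of USER's entry in a passwd-format file.
passwd_field() {   # passwd_field USER FIELD_NUMBER PASSWD_FILE
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "$3"
}

# Succeed if USER's shell field allows an interactive login.
has_login_shell() {   # has_login_shell USER PASSWD_FILE
    case "$(passwd_field "$1" 7 "$2")" in
        */nologin|*/false) return 1 ;;
        *) return 0 ;;   # an empty field defaults to /bin/sh
    esac
}

# Succeed if FILE is owned by WANT_UID and grants nothing to group or other.
# Only mode bits are checked; POSIX ACLs are not inspected.
file_private_to_uid() {   # file_private_to_uid FILE WANT_UID
    listing=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    perms=$(printf '%s\n' "$listing" | cut -c5-10)
    owner=$(printf '%s\n' "$listing" | awk '{ print $3 }')
    [ "$perms" = "------" ] && [ "$owner" = "$2" ]
}

# Print findings; the return status is the number of findings (0 = clean).
audit_secret_file() {   # audit_secret_file FILE USER PASSWD_FILE
    findings=0
    uid=$(passwd_field "$2" 3 "$3")
    if [ -z "$uid" ]; then
        echo "FINDING: no passwd entry for $2"
        return 1
    fi
    if ! file_private_to_uid "$1" "$uid"; then
        echo "FINDING: $1 is not owner-only for $2 (uid $uid)"
        findings=$((findings + 1))
    fi
    if has_login_shell "$2" "$3"; then
        echo "FINDING: $2 has a login shell"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```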