> -----Original Message----- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, February 23, 2011 10:11 AM > To: Tomcat Users List > Subject: Re: [OT] Memory Leak in Tomcat > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > הילה, > > On 2/23/2011 10:51 AM, הילה - צוות אגורה wrote: > > the user that runs the tomcat service is a domain user, but I specify > the > > user name and password of this user under "log on" tab on the service > > properties. > > it's not a problem since the password is encrypted, but in the xml > file it's > > in clear text. > > It's a good thing those credentials don't need to be decrypted in order > to be used. Congratulations: you've covered your ass. >
Not sure exactly what Windows does once you've entered a verified user/pw combination for a service. I'm guessing that it stores the password somehow, because if you change the password, the service won't start next time. However, this is a "nice" (?) feature of using SQL Server. Already validated user credentials can be passed by the OS to SQL Server to be validated for database logon. It's their version of SSO for the database. (Note: I don't find it an overwhelming advantage for determining to use that specific database software.) __________________________________________________________________________ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system.
