Security seems to be always in the hands of the wrong people. No need for insults here, this is a new requirement which I'm not familiar with, and that's why I asked you guys..
Instead of the JTDS, can I use Tomcat Spengo? will it provide same results, as using a domain user for the tomcat windows service, and removing user and password from xml configuration file under conf/catalina/localhost ? Thanks Hila 2011/3/2 Jorge Medina <cerebrotecnolog...@gmail.com> > I got a good laugh with your message. > > Security seems to be always in the hands of the wrong people. > > Once I asked for the algorithm used to hash the passwords (that > happened to be HMAC SHA-1) into a database, if I was going to > authenticate the users, I needed to use the same algorithm. I did not > ask for the key used to salt the hash, I could put that as a parameter > to be provided at install time and use any other key during > development and testing. My request was rejected until authorized by a > manager two levels up! <sigh> (All I needed to know was "HMAC > SHA-1"!) > > > > > On Mon, Feb 28, 2011 at 11:02 AM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > הילה, > > > > On 2/28/2011 5:17 AM, הילה wrote: > >> How can I encrypt the password inside the xml file? > > > > 0. $file = conf/server.xml > > 1. Use your favorite encryption tool to encrypt the password and shove > > it into $file > > 2. Use that same tool in some code you hack-into Tomcat to read it > > back out. > > 3. Store the key to your favorite-tool encryption package in another > > file (say, s3cr3t.key) > > 4. $file = s3cr3t.key > > 5. Go to step 1. > > > > Repeat this process until you feel like you're safe. (Hint: you are > > still not safe). Scratch that: repeat this process until your boss or > > your auditor feel like they are safe. > > > > - -chris > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.10 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAk1rxwwACgkQ9CaO5/Lv0PCtGQCgtxVxV9+N0AvRuYw0U6mi9ki1 > > ikgAn1xQNqRRtSKby531xKRHizxzEFwD > > =uuFd > > -----END PGP SIGNATURE----- > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
