2011/9/18 PocketA <giora...@gmail.com>: > > Hi, > > In my web service (using tomcat 7.0) I use a datasource to MySql database > configured under context.xml (in my WEB-INF directory) which looks like the
It will be in META-INF, not in WEB-INF. > following : > > <Context> > > <Resource name="jdbc/TestDB" auth="Container" > type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" > username="user" password="pass" driverClassName="com.mysql.jdbc.Driver" > url="jdbc:mysql://localhost/test_db?autoReconnect=true"/> > > </Context> > > My question is : Is it safe to store user/pass like this ? if not, what is > commonly used as a safe approach ? Usually it is, but make sure that your webapps and conf folders are not world-readable. On unixes you'd use umask command to configure default access rights of created files. I prefer to configure connections in server.xml (so that the context.xml of the webapp does not have secrets, and can be stored in svn etc., as well as to use different db configuration on dev vs. prod) Regarding the password itself: http://wiki.apache.org/tomcat/FAQ/Password Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
