DB-password clear text - what alternatives?

[Derek Hohls]

Please expand on the hints below... there are few areas that are not clear to me yet - at the moment all my passwords are stored in the xml file that makes the calls to the db  e.g.     String DBPass = "password"; ...   <esql:password><xsp:expr>DBPass</xsp:expr></esql:password>   and I am worried that as the xml file is readable (normally, indirectly, but there are no guarantees here), that someone could find a way of displaying its contents.   What is a ' localhost loopback' and what/where is the 'cocoon.xconf' and how would you use either/both to replace the above system?  Please include code snippets if at all possible...   Thanks Derek >>> [EMAIL PROTECTED] 28/08/2001 10:38:55 >>> On Tue, Aug 28, 2001 at 11:21:45AM +0200, Enke Michael wrote: > Hi! > Is there a possibility or would it be > easy to implement to have the DB password > encrypted in some kind (in *.xsp or cocoon.xconf)? as long as the direct JDBC connection requires plaintext passwords (and yes all existing JDBC driver implementations require plaintext) it's absolutely useless to add encryption to another layer. anyway passwords are stored in a file on the server and JDBC connection is usually made via localhost loopback, therefore password sniffing is almost impossible and cocoon.xconf or whichever file the password actually contains is not readable by ordinary users via web... > This doesn't mean a state of the art > encryption (too complicated!?), but only > that not everybody can have direct access > to the database. don't get this, if there is a password that only admin knows, then anyone who does not know it does not have the access to the database or am I wrong ??? > > Regards, > Michael > rgds, martin -- ------------------------------------------------------------------------------- "Only dead fish swims with a stream"                         Malcolm Muggeridge gpg_key_available: http://globales.cz/~mman/martin.man.gpg gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09  7BCB 6202 7024 6E06 0223 --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>