That's a different issue, Joe. SSL encrypts the flow, and is not specific to Cocoon. I wouldn't expect Cocoon to handle this. I'm wanting to encrypt the passwords (or other sensitive data) in the actual XML files, as, for example, Apache does with its htpasswd files. IMO, all passwords should be stored in encrypted form - doesn't stop the crackers, but makes life more difficult for them.
On Monday 18 Mar 2002 2:47 pm, Joseph Jupin wrote: > I'm going to answer this in terms of an SSL connection > from a client to your webserver (Apache or Tomcat, etc)... > In the Tomcat documentation it states that when an SSL > connection is made, the connection is encrypted from the > client to the webserver as in any normal webserver > situation. The server itself is responsible for taking > the encrypted stream, un-encrypting them and then > forwarding them on to the respective called for agent (in > this case Cocoon)... So, Cocoon would only be as secure > as the level of SSL encryption employed by your container > webserver (128 bit, for example)... > > Please look at the Tomcat startup page and click on their > Security-HOW-TO section... cool. > > peace. JOe... > > On Sat, 16 Mar 2002 19:30:49 +0000 > > Peter Robins <[EMAIL PROTECTED]> wrote: > >On Friday 15 Mar 2002 11:07 pm, Vadim Gritsenko wrote: > >> How do you handle plain text DB password in the > >>weblogic's config.xml > >> file? Or in the JRun server's local.properties file? Or > >>Tomcat's > >> server.xml? > > > >I don't. I don't use weblogic or jrun, nor do I have > >passwords in server.xml > > > >> I guess that you can apply same technique to the > >>Cocoon's cocoon.xconf. > >> > >> PS Cocoon uses Avalon's JDBC pools, so you may want to > >>ask this on > >> Avalon list. > > > >the question wasn't specific to DB, but a general > >question as to whether > >Cocoon handles encrypted data elements. However, looks > >like I have the answer > >- no :-) > > > >--------------------------------------------------------------------- > >Please check that your question has not already been > >answered in the > >FAQ before posting. > ><http://xml.apache.org/cocoon/faqs.html> > > > >To unsubscribe, e-mail: > ><[EMAIL PROTECTED]> > >For additional commands, e-mail: > ><[EMAIL PROTECTED]> > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
