As with anything unless you test you are never sure. For example there used to be a bug in Jetty long time ago which allowed access to WEB-INF content. This is fixed but such a bug can be introduced with other containers as well. Just my €.02. Peter
2009/6/9, mnenchev <nenchev.mari...@gmail.com>: > > WEB-INF is privete directory, no one outside could access it. So, > storing username and pass there is totally secured, but i have never > tried it. As i told you it is secured dont warry. > > Sean wrote: >> So, not to be paranoid or anything, but there are no tricks or >> anything to get into the WEB-INF folder and beyond? If I try to access >> it from a browser I do get the 403 (FORBIDDEN) error, I just want to >> make sure there's no quick turn around for that. I guess I lied, I am >> paranoid. Thanks for your help! >> >> On Jun 9, 7:55 am, mnenchev <nenchev.mari...@gmail.com> wrote: >> >>> Every thing witch is in your server package is on the server, so no one >>> could access your private data. It is like in hibernate, that has >>> hibernate config file where the user and pass are stored. This config >>> file is on the server and no one has access to it. >>> >>> Sean wrote: >>> >>>> In regards to using RPC's to access a database, I am worried about >>>> security. I'd love to use an RPC to access a DB, but what I can't >>>> figure out is how to store the name and pw of the DB. I'm afraid if I >>>> put it right in the code someone could just read it. If I try to read >>>> it from a file, I'm afraid that they will see the path to the file and >>>> read it. >>>> >>>> Is it secure enough to put the PW in a locked directory from the >>>> outside world and read it? I'm afraid it'd be too easy to break in. >>>> How do you do it? >>>> >> > >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---