Hi Mark,

I agree, keeping passwords in plain text is not a good idea.

But I don't think you can really hide your data from the system administrator.
It makes no sense to me at all. The system admin has full access to any resource inside a given system and can do anything.
It's somewhat strange to me that you don't trust the person responsible for keeping your system up and running!
But if you have your reasons, then perhaps you should not put any important data on the system he/she administers.
No one can stop the system admin from deleting your database files, for example, or from installing sniffers, captures, etc.
If a person has root access to a given system, he/she does not need passwords in plain text to get access to any data inside the system.


On the other hand, I would love to see some more secure way of storing sensitive data (DB passwords, etc.) implemented by JBoss.
I just don't see how it can be done with no user interaction required, either on startup or at a later time.



Milen Dyankov



Mark Wang wrote:


Besides what you folks talked about, here is another concern:
The machine has a system admin, who has root permission. The application (with
JBOSS) has a database, which is managed by somebody else (a DBA, etc.). We don't want
the machine's system admin to know the database login name/password. Otherwise he/she can read
the database and get all the information.

The security policy should be whoever should know can know, and whoever should not know can't know.

How can we achieve this goal with the clear password in mysql-ds.xml?

Mark






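The two points the thread makes (root can read whatever the server can read, and an encrypted password still needs a key from somewhere at startup) can be made concrete with a small Python model. This is an added example, not JBoss code and not something either poster wrote: the mysql-ds.xml is constructed in the JBoss 3.2 local-tx-datasource layout, the cipher is a stdlib-only HMAC counter-mode stand-in for a real one, the file names ds.key and the passphrase are assumptions, and "what root sees" is modelled as a dict of files the admin can read rather than a real filesystem.

```python
"""Added example (not JBoss project code): an "encrypted" password in
mysql-ds.xml and where the key has to live for JBoss to use it."""
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed mysql-ds.xml in the JBoss 3.2 local-tx-datasource layout,
# with the password in the clear, which is what the question is about.
CLEAR_DS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<datasources>
  <local-tx-datasource>
    <jndi-name>MySqlDS</jndi-name>
    <connection-url>jdbc:mysql://dbhost:3306/app</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <user-name>appuser</user-name>
    <password>s3cret-db-pw</password>
  </local-tx-datasource>
</datasources>
"""

def read_password(ds_xml: str) -> str:
    """Whoever can read the file gets the <password> element as-is."""
    return ET.fromstring(ds_xml).findtext("./local-tx-datasource/password")

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib-only stand-in for a real cipher."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt_password(password: str, key: bytes) -> str:
    """Returns hex(nonce || ciphertext || tag)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(password.encode(), _keystream(key, nonce, len(password))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return (nonce + ct + tag).hex()

def decrypt_password(blob_hex: str, key: bytes) -> str:
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def encrypted_ds_xml(ds_xml: str, key: bytes) -> str:
    """Rewrite the <password> element as the encrypted blob."""
    root = ET.fromstring(ds_xml)
    pw = root.find("./local-tx-datasource/password")
    pw.text = encrypt_password(pw.text, key)
    return ET.tostring(root, encoding="unicode")

def key_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    """Key an operator types at startup: the "user interaction" Milen mentions."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def recover_from_disk(files: dict) -> Optional[str]:
    """What root gets from the files alone (constructed stand-in for reading the
    filesystem as root). With no key file on disk, nothing comes from disk, but
    the running JBoss process still holds the key and the password in memory,
    which root can also read."""
    blob = read_password(files["mysql-ds.xml"])
    if "ds.key" in files:
        return decrypt_password(blob, bytes.fromhex(files["ds.key"]))
    return None

def demo() -> dict:
    salt = b"constructed-salt"
    # Case 1: key stored beside the config so JBoss can start unattended.
    disk_key = secrets.token_bytes(32)
    unattended = {"mysql-ds.xml": encrypted_ds_xml(CLEAR_DS_XML, disk_key),
                  "ds.key": disk_key.hex()}
    # Case 2: key derived from a passphrase typed at startup; nothing on disk.
    typed_key = key_from_passphrase("operator passphrase", salt)
    attended = {"mysql-ds.xml": encrypted_ds_xml(CLEAR_DS_XML, typed_key)}
    return {
        "clear": read_password(CLEAR_DS_XML),
        "unattended_root_recovers": recover_from_disk(unattended),
        "attended_root_recovers_from_disk": recover_from_disk(attended),
        "attended_jboss_decrypts": decrypt_password(
            read_password(attended["mysql-ds.xml"]), typed_key),
    }

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the trade-off: in the unattended case the encrypted config is only obfuscation, since the key sits next to it and root (or anyone who can read both files) gets the password back; in the attended case nothing on disk yields it, at the cost of someone typing the passphrase at every restart, and root can still take it from the live process.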