,
Benz Lim
-Original Message-
From: Paul McCulloch [mailto:[EMAIL PROTECTED]
Sent: Friday, March 12, 2004 8:16 PM
To: 'Struts Users Mailing List'
Subject: RE: [OT] Database password
Why not put the file in area that is accessible only to the right users and
have the app server r
sers Mailing List'
> Subject: RE: [OT] Database password
>
>
> Users cant access this file, but the file can be accessed by
> people that
> is not from Information Security area (Seguridad Informática). The
> password shouldnt be known neither by the application
>
Guillermo, we're also using DBCP.
Our approach is to use our own Properties subclass. This subclass
can read (and "decrypt") a previously encrypted property file (using a
2-way dummy encryption algorithm)...
I don't know if this is the best way but it works for us :-)
]>
Sent: Thursday, March 11, 2004 7:07 PM
Subject: Re: [OT] Database password
I believe that it will be easier to define a proper security policy in
your
production server than trying to hide the password or encrypt it.
Another option is to hard-code it into your source, but you will l
Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 7:07 PM
Subject: Re: [OT] Database password
> I believe that it will be easier to define a proper security policy in
your
> production server than trying to hide the password or encrypt it.
>
> Another option is to
: "Guillermo Meyer" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 3:59 PM
Subject: RE: [OT] Database password
Users cant access this file, but the file can be accessed by people that
is not
-
From: Lucas Gonzalez [mailto:[EMAIL PROTECTED]
Sent: Jueves, 11 de Marzo de 2004 03:56 p.m.
To: Struts Users Mailing List
Subject: Re: [OT] Database password
If the problem is the user accesing the plain text file by typing the
URL in the browser...
a better solution would be to tell apache
> From: Guillermo Meyer [mailto:[EMAIL PROTECTED]
> How are your Java Applications get connected to production
> databases and how is the database password protected?
I make no claims of best practices. My Factory class that produces
(non-JDBC) connections to my database reads a .properties fil
#x27;" <[EMAIL PROTECTED]>
Sent: Thursday, March 11, 2004 3:49 PM
Subject: [OT] Database password
> Hi:
> Our Struts application is currently in production. This applciation uses
> an Oracle Database (we are using DBCP from jakarta).
> We access this database through url,
Hi:
Our Struts application is currently in production. This applciation uses
an Oracle Database (we are using DBCP from jakarta).
We access this database through url, user a password and we need to
"hide" the production database password. The password is stored in a
configuration file and is in pla
10 matches
Mail list logo