RE: security of server.xml in tomcat

2003-06-10 Thread Sri Thuraisamy 
Also depends on from whom you want to hide the credentials. If it's from
web client, then based on servlet specifications "The files inside the
WEB-INF folder cannot be accessible by the web client". If you want to
protect from console access users then you can protect by defining
access rights to the web deployment.

ST
 
On Mon, 2003-06-09 at 14:42, Chad Johnson wrote:
> Just a thought, I can't see how having the username and password in code
> is any more secure.  Prying eyes could have equal access to both.
> 
> Chad Johnson
> Web Services Developer
> WS Packaging - Wisconsin Label
> Tel:(920)487-6271
> 
> 
> -Original Message-
> From: Mohamed Tagari [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 09, 2003 9:32 AM
> To: [EMAIL PROTECTED]
> Subject: security of server.xml in tomcat 
> 
> 
> Hi,
> 
> Is there any way of instantiating the password and username 
> parameters for connecting to a database in the application code rather 
> than having it as plain text in the server.xml. 
> 
> As having the username and password as plain text is not 
> very secure..
> 
> Any help/information will be apprectiated..
> 
> The database will be containing sensitive information, hence all
> passwords 
> and usernames have to be protected..
> 
> // java code
> Context init = new InitialContext();
> Context ctx = (Context) init.lookup("java:comp/env"); DataSource ds =
> (DataSource) ctx.lookup("jdbc/myoracle");
> 
> 
> 
> // extract from server.xml
>type="javax.sql.DataSource"/> 
> 
> 
> .
> .
> .
>   
> username
> scott
>   
>   
> password
> tiger
>   
> .
> .
> 
> 
> mo
> 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
-- 
Sri Thuraisamy <[EMAIL PROTECTED]>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

UnSubsribe

2001-07-19 Thread Sri Thuraisamy 

UnSubsribe

RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config JservConfig.java

2001-07-19 Thread Sri Thuraisamy 

How do i unsubscribe form mailing list

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: July 19, 2001 1:24 PM
To: [EMAIL PROTECTED]
Subject: cvs commit:
jakarta-tomcat/src/share/org/apache/tomcat/modules/config
JservConfig.java


larryi  01/07/19 13:23:34

  Modified:src/share/org/apache/tomcat/modules/config JservConfig.java
  Log:
  Fix protocol name.  Remove incorrect comment.
  
  Revision  ChangesPath
  1.2   +2 -3
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/JservConfig.java
  
  Index: JservConfig.java
  ===
  RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/JservCon
fig.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JservConfig.java  2001/07/03 23:29:32 1.1
  +++ JservConfig.java  2001/07/19 20:23:34 1.2
  @@ -102,7 +102,7 @@
   
   @author Costin Manolache
   @author Mel Martinez
  - @version $Revision: 1.1 $ $Date: 2001/07/03 23:29:32 $
  + @version $Revision: 1.2 $ $Date: 2001/07/19 20:23:34 $
*/
   public class JservConfig  extends BaseInterceptor { 
   
  @@ -110,7 +110,7 @@
   public static final String
APACHE_CONFIG="conf/jserv/tomcat-apache.conf";
   /** default location of mod_jserv Apache plug-in. */
   public static final String MOD_JSERV;
  -public static final String AJPV12="ajp12";
  +public static final String AJPV12="ajpv12";
   
   //set up some defaults based on OS type
   static{
  @@ -343,7 +343,6 @@
// Find Ajp1? connectors
int portInt=8007;
BaseInterceptor ci[]=cm.getContainer().getInterceptors();
  - // try to get jakarta-tomcat-connectors Ajp13 Interceptor class
for( int i=0; i