How to encrypt password in Data Source Declaration
Hi All - Sorry if this question seems dumb, but here it is: In the data source declaration, database username, password needs to be provided, and they are in plain text! For the application, data source works fine, but I feel it is really not safe - anybody who can access the server can see the password, plus the fact that the file need to be upload to a source control repository - password becomes an open secret, if it's still a sceret :( Is there a good/generalized way to handle this (and any similar cases invloving password in xml configuration file) Thanks a lot, William _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/196390710/direct/01/
RE: How to encrypt password in Data Source Declaration
sorry about that. Did not realize I was doing it. William Date: Thu, 14 Jan 2010 18:00:46 + From: ma...@apache.org To: users@tomcat.apache.org Subject: Re: How to encrypt password in Data Source Declaration Please do not hijack threads. To ask a new question, create a new message. Do not reply to an old one (even if you change the subject). Mark On 14/01/2010 17:54, WM C wrote: Hi All - Sorry if this question seems dumb, but here it is: In the data source declaration, database username, password needs to be provided, and they are in plain text! For the application, data source works fine, but I feel it is really not safe - anybody who can access the server can see the password, plus the fact that the file need to be upload to a source control repository - password becomes an open secret, if it's still a sceret :( Is there a good/generalized way to handle this (and any similar cases invloving password in xml configuration file) Thanks a lot, William _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/196390710/direct/01/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. http://clk.atdmt.com/GBL/go/196390706/direct/01/
How to access files in network drive
Hi - This is more like a general java question. In my web app, I need to read files from a network drive folder, which has access restriction (my account is permitted). During development time, since I am using Eclipse and Tomcat is integrated inside, so both were run under my account, everything works fine, but when deployed onto a testing server, where Tomcat runs using a system account, file access was denied. How to resolve this problem? Is there a way when accessing file, I can pass in a user identity as parameter, or log on first just like access database? Seems java File API does not have this option. Any suggestions are appreciated! William _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/
RE: How to access files in network drive
Thanks for the quick reply - That was exactly what I did and it worked. The problem is that now we have two web apps, each needs to access different drive, each drive has different user access control list - in this case, running Tomcat using one user will only make one app work, while fail another (for security reason, we cannot allow one user to access both drives). So looks like I have to run two Tomcat instances? Thanks, William Date: Sun, 3 Jan 2010 10:48:49 + Subject: Re: How to access files in network drive From: peter.crowt...@melandra.com To: users@tomcat.apache.org 2010/1/3 WM C doublecr...@live.com In my web app, I need to read files from a network drive folder, which has access restriction (my account is permitted). During development time, since I am using Eclipse and Tomcat is integrated inside, so both were run under my account, everything works fine, but when deployed onto a testing server, where Tomcat runs using a system account, file access was denied. How to resolve this problem? Is there a way when accessing file, I can pass in a user identity as parameter, or log on first just like access database? Seems java File API does not have this option. Java is intended to be portable to different OSs. Some don't allow what you want, so the File API doesn't provide it. You will have to resolve the problem through configuration. Run Tomcat on the testing server as a user that has access to the network drive folder. You could do this either by changing the user ID under which Tomcat runs on the testing server, or by granting the test Tomcat's user ID access to the network drive folder. - Peter _ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/
data source factory
Hi - I am upgrading a working web app from Tomcat 5.0 to 5.5, and encounter the following data source problem. According to Apache web site, for Tomcat 5.5 configuration, I should use factory=org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory in Resource for datasource configuration. It works okay for the most jdbc part, except that I got an exception of java.lang.ClassCastException: oracle.sql.CLOB at the line oracle.sql.CLOB clob = (oracle.sql.CLOB) rs.getClob(...) in one DAO method. Since the code works in Tomcat5.0, so I changed factory attribute back to factory=org.apache.commons.dbcp.BasicDataSourceFactory and everything works fine now. No exception thrown anymore. Since this is a kind of a desperate trail and error after scratching my head for a day (true Black Friday :( ) so even though it works, I am wondering if I should use the DataSourceFactory meant to be used for Tomcat 5.0, and if there will be any bad consequences later on. Thanks a lot for any comments - I appreciate! William _ Hotmail: Trusted email with Microsoft's powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141664/direct/01/ http://clk.atdmt.com/GBL/go/177141664/direct/01/
RE: data source factory
Hi Mark - Thanks for the reply, here is the info you asked: Where is the oracle jdbc driver jar located? in web-inf/lib (I am using ojdbc14.jar - btw, according to some forum messages, seems it got problem with jdk5.0, but that's a different story) Where are the commons-dbcp and commons-pool JARs located? in web-inf/lib Exactly which versions of Tomcat, commons-pool and commons-dbcp are you using? it's apache-tomcat-5.5.17 commoms-dbcp version: Implementation-Version: 1.2.1 (got it from MENIFEST file, Build-Jdk: 1.4.1_02 - maybe that's the reason) commons-pool version: Implementation-Version: 1.3 What is the full stack trace? I did not have it, it went to IDE console, did not save. (but it did not generate much info using e.printStackTrace) What is your complete resource definition? Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource maxActive=50 maxIdle=30 maxWait=1 username=xxx password=x driverClassName=oracle.jdbc.driver.OracleDriver factory=org.apache.commons.dbcp.BasicDataSourceFactory url=jdbc:oracle:thin:@nnn.nnn.nnn.nn:1521: removeAbandoned=true / Which file has this resource definition been placed in? at context.xml in META-INF By the way, I am using Eclipse 3.2, jdk1.5.0_14 - I set compiler compliance level 5.0, but set generated .class compatibility to 1.4 and source compatibility to 1.4 . Thanks a lot for the help! William Date: Sat, 28 Nov 2009 10:29:25 + From: ma...@apache.org To: users@tomcat.apache.org Subject: Re: data source factory WM C wrote: Hi - I am upgrading a working web app from Tomcat 5.0 to 5.5, and encounter the following data source problem. According to Apache web site, for Tomcat 5.5 configuration, I should use factory=org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory in Resource for datasource configuration. It works okay for the most jdbc part, except that I got an exception of java.lang.ClassCastException: oracle.sql.CLOB at the line oracle.sql.CLOB clob = (oracle.sql.CLOB) rs.getClob(...) in one DAO method. Since the code works in Tomcat5.0, so I changed factory attribute back to factory=org.apache.commons.dbcp.BasicDataSourceFactory and everything works fine now. No exception thrown anymore. Since this is a kind of a desperate trail and error after scratching my head for a day (true Black Friday :( ) so even though it works, I am wondering if I should use the DataSourceFactory meant to be used for Tomcat 5.0, and if there will be any bad consequences later on. Thanks a lot for any comments - I appreciate! Where is the oracle jdbc driver jar located? Where are the commons-dbcp and commons-pool JARs located? Exactly which versions of Tomcat, commons-pool and commons-dbcp are you using? What is the full stack trace? What is your complete resource definition? Which file has this resource definition been placed in? Do you want to use Tomcat's built-in connection pool or are you happy with anything as long as it works? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Windows 7: I wanted simpler, now it's simpler. I'm a rock star. http://www.microsoft.com/Windows/windows-7/default.aspx?h=myidea?ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_myidea:112009
