RE: security of server.xml

2003-06-06 Thread PELOQUIN,JEFFREY (HP-Boise,ex1)
database but with luck you have that behind a firewall. Jeff -Original Message- From: Mohamed Tagari [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 9:05 AM To: Tomcat Users List Subject: Re: security of server.xml HI, the database contains sensitive information and so the

Re: security of server.xml

2003-06-06 Thread John Turner
n Amazon, too. LOL John On Fri, 6 Jun 2003 14:24:34 -0400, Phillip Qin <[EMAIL PROTECTED]> wrote: Is your book out? I couldn't find in local bookstore. -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: June 6, 2003 2:19 PM To: Tomcat Users List Subject: R

RE: security of server.xml

2003-06-06 Thread Phillip Qin
Is your book out? I couldn't find in local bookstore. -Original Message- From: John Turner [mailto:[EMAIL PROTECTED] Sent: June 6, 2003 2:19 PM To: Tomcat Users List Subject: Re: security of server.xml Java code can be decompiled. Easily. Rogue classes can be inserted into impro

Re: security of server.xml

2003-06-06 Thread John Turner
Java code can be decompiled. Easily. Rogue classes can be inserted into improperly configured packages. There's plenty more. If your UNIX-like OS is unstable enough to allow a file owned by root with permissions of 700 be viewable to various untrusted users, you've got bigger concerns on you

Re: security of server.xml

2003-06-06 Thread Mohamed Tagari
HI, the database contains sensitive information and so the password and username should not be available even as a read only.. Due to the sensitivity of the data it could be seen viable to recompile the code, and redeploy your application. mo On Thu, 5 Jun 2003, John Turner wrote: > > Well

Re: security of server.xml

2003-06-05 Thread Bill Barker
TC 3.3.x has a variable-replacement option, which is very nice for this sort of thing. Unfortunately, it hasn't been ported to TC 4.x. "Mohamed Tagari" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > Is there any way of taking the password and username for connecting to a >

Re: security of server.xml

2003-06-05 Thread John Turner
Well, if you put in code, then every time it changes you need to recompile your code, and redeploy your application. If you put it in server.xml, you don't ever have to do that. The security on server.xml is easy: chmod 700 TOMCAT_USER TOMCAT_USER = whatever user Tomcat runs as John On Thu,

security of server.xml

2003-06-05 Thread Mohamed Tagari
Hi, Is there any way of taking the password and username for connecting to a database out of the server.xml, and placing it in code before the lookup is done on this?? As having the username and password as plain text is not very secure.. // java code Context init = new InitialContext(); Conte