database but
with luck you have that behind a firewall.
Jeff
-Original Message-
From: Mohamed Tagari [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 9:05 AM
To: Tomcat Users List
Subject: Re: security of server.xml
HI,
the database contains sensitive information and so the
n Amazon, too. LOL
John
On Fri, 6 Jun 2003 14:24:34 -0400, Phillip Qin <[EMAIL PROTECTED]> wrote:
Is your book out? I couldn't find in local bookstore.
-Original Message-
From: John Turner [mailto:[EMAIL PROTECTED] Sent: June 6, 2003
2:19 PM
To: Tomcat Users List
Subject: R
Is your book out? I couldn't find in local bookstore.
-Original Message-
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: June 6, 2003 2:19 PM
To: Tomcat Users List
Subject: Re: security of server.xml
Java code can be decompiled. Easily.
Rogue classes can be inserted into impro
Java code can be decompiled. Easily.
Rogue classes can be inserted into improperly configured packages. There's
plenty more.
If your UNIX-like OS is unstable enough to allow a file owned by root with
permissions of 700 be viewable to various untrusted users, you've got
bigger concerns on you
HI,
the database contains sensitive information and so the password and
username should not be available even as a read only..
Due to the sensitivity of the data it could be seen viable to recompile
the code, and redeploy your application.
mo
On Thu, 5 Jun 2003, John Turner wrote:
>
> Well
TC 3.3.x has a variable-replacement option, which is very nice for this sort
of thing. Unfortunately, it hasn't been ported to TC 4.x.
"Mohamed Tagari" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> Is there any way of taking the password and username for connecting to a
>
Well, if you put in code, then every time it changes you need to recompile
your code, and redeploy your application.
If you put it in server.xml, you don't ever have to do that.
The security on server.xml is easy:
chmod 700 TOMCAT_USER
TOMCAT_USER = whatever user Tomcat runs as
John
On Thu,
Hi,
Is there any way of taking the password and username for connecting to a
database out of the server.xml, and placing it in code before the lookup
is done on this?? As having the username and password as plain text is not
very secure..
// java code
Context init = new InitialContext();
Conte