What about using a servlet parameter for the passwords? They wouldn't be
hard-coded and I assume the web server will allow the parameters to be
stored in a secure fashion? Furthermore, you could encrypt the parameter
or even the password which you hard-code in the .class file.
Tony
Message text written by "A mailing list for discussion about Sun
Microsystem's Java Servlet API Technology."
>a) The .class files are hard-coded with the sa password, which means
that it exists as a legible string within the .class file and can be
read by anyone who gets access to it. While you might restrict access
to the server on which the servlet runs, this is no guarantee, which is
why passwords are usually encrypted in the server's files...
<
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
