Hi all: The subject says it all: currently I am storing information that my connection pool uses like database URL, username and password in the web.xml as init-params. I thought that if I secured WEB-INF with go-rwx, this is secure. But in a recent code-review this has been brought into question. So here are my questions:
1. Am I deluding myself that this is safe? 2. If so, is there some way that any of you has solved the problem? I looked in the archives, but all the dicussion with passwords seems to be around the issue of encryting un/pw pairs entered in a browser, for which, of course, SSL and one way encryption can be used. I mention this so my question is not misunderstood. Thanks very much! Geeta ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
