Hey! If you are using IBM DB2 you can use their 'encryption' datatype.
Sans adieu, Danny Geeta Ramani wrote: > Thank you, Matt, for your prompt response. We do have our own server, use SSL, > protect our directories, and the database I believe is further protected from the > evil world by firewalls and gateways and views and what not. But your advice seems > to be to do everything we can - I'll follow it and look into encryption/decryption > algorithms then: thanks very much! > Geeta > > Matt Penner wrote: > > > If saving your passwords (or really any sensitive information) in any kind of a > > system whether it is a flat file (txt, XML, etc) or a database there is no sure > > way of keeping this safe. So use as many measures as you can without > > comprimising usability. This way if the OS gets comprimised and the file is > > availabe they wont be able to readily read your information. Especially > > necessary if you're not hosting your own server. The admins aren't supposed to > > look in your files but you can't be too trusting and you're relying on their > > ability to keep the system secure. > > > > The basic idea I have seen is that you use whatever security the OS/Database > > can give you (like you have) as well as an encryption scheme when saving the > > data. > > > > This can be simply your own function which can encrypt / decrypt what you store > > or retrieve from the XML file, or you can go as in depth as you want and use > > some major encryption schemes. > > > > Hope this helps, > > Matt > > > > Quoting Geeta Ramani <[EMAIL PROTECTED]>: > > > > > Hi all: > > > > > > The subject says it all: currently I am storing information that my > > > connection pool uses like database URL, username and password in the > > > web.xml > > > as init-params. I thought that if I secured WEB-INF with go-rwx, this > > > is > > > secure. But in a recent code-review this has been brought into > > > question. > > > So here are my questions: > > > > > > 1. Am I deluding myself that this is safe? > > > 2. If so, is there some way that any of you has solved the problem? > > > > > > I looked in the archives, but all the dicussion with passwords seems > > > to > > > be around the issue of encryting un/pw pairs entered in a browser, for > > > which, of course, SSL and one way encryption can be used. I mention > > > this > > > so my question is not misunderstood. > > > > > > Thanks very much! > > > Geeta > > > > > > ___________________________________________________________________________ > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the > > > body > > > of the message "signoff SERVLET-INTEREST". > > > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > > Resources: > > > http://java.sun.com/products/servlet/external-resources.html > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > > > > ___________________________________________________________________________ > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > > of the message "signoff SERVLET-INTEREST". > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > Resources: http://java.sun.com/products/servlet/external-resources.html > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
