How have others handled management concerns over storing database userid and password in struts-config.xml?

[Shamdasani Nimmi-ANS004]

Hi,

Here's my problem. My management feels that storing the database 
account(userid/password)in the config file is a security risk. According to them a 
hacker can get access to the whole database if they can get access to this info.

Supposedly the security team wants to put the application server outside the Firewall 
in Quarantine zone and the database behind the FW. 

Did any of you had to go thru this issue and how did you explain/resolve it. 

Can someone help me dispel their concern?

TIA.

-Nimmi