Why not put the file in an area that is accessible only to the right users and
have the app server run under a user account with the relevant privileges?

Paul

> -----Original Message-----
> From: Guillermo Meyer [mailto:[EMAIL PROTECTED]
> Sent: 11 March 2004 18:59
> To: 'Struts Users Mailing List'
> Subject: RE: [OT] Database password
> 
> 
> Users can't access this file, but the file can be accessed by people who
> are not from the Information Security area (Seguridad Informática). The
> password should be known neither by the application deployer nor by the
> system administrator, but only by Information Security people.
> 
> -----Original Message-----
> From: Lucas Gonzalez [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 11 March 2004 03:56 p.m.
> To: Struts Users Mailing List
> Subject: Re: [OT] Database password
> 
> 
> If the problem is the user accessing the plain text file by typing the
> URL in the browser...
> 
> a better solution would be to tell Apache to hide those files...
> 
> 
> ----- Original Message ----- 
> From: "Guillermo Meyer" <[EMAIL PROTECTED]>
> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
> Sent: Thursday, March 11, 2004 3:49 PM
> Subject: [OT] Database password
> 
> 
> > Hi:
> > Our Struts application is currently in production. This application
> > uses an Oracle Database (we are using DBCP from Jakarta). We access
> > this database through URL, user and password, and we need to "hide" the
> > production database password. The password is stored in a
> > configuration file and is in plain text.
> >
> > Have you got some "best practices" in this scenario? How do your Java
> > applications get connected to production databases and how is the
> > database password protected? If we encrypt the password with 3DES, how
> > should the key be protected?
> >
> > Cheers.
> > Guillermo.
> 
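
Added example, not part of the original thread: a pre-start check for the file-permission approach suggested in the reply at the top, rejecting a credentials file that anyone other than the app server's account can read or replace. The function name `check_secret_file`, the numeric-UID argument and GNU-style `stat -c` are assumptions; it checks ordinary accounts only and says nothing about root or other administrators.

```shell
#!/bin/sh
# check_secret_file FILE EXPECTED_UID  (hypothetical helper, added example)
# Returns 0 if FILE is safe to load as a credentials file, 1 otherwise.
check_secret_file() {
    file=$1
    expected_uid=$2

    # Refuse symlinks and non-regular files: a link target can be swapped.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "REJECT: $file is not a regular file" >&2
        return 1
    fi

    # %u = numeric owner UID, %a = octal permission bits (e.g. 600)
    actual_uid=$(stat -c '%u' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1

    # The file must belong to the account the app server runs under.
    if [ "$actual_uid" != "$expected_uid" ]; then
        echo "REJECT: owner uid $actual_uid, expected $expected_uid" >&2
        return 1
    fi

    # No group/other permission bits at all (mask 077).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "REJECT: mode $mode grants access to group or others" >&2
        return 1
    fi

    # The parent directory must not be writable by group/other (mask 022),
    # otherwise the file could be renamed away and replaced.
    dir=$(dirname "$file")
    dir_mode=$(stat -c '%a' "$dir") || return 1
    if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
        echo "REJECT: directory $dir has mode $dir_mode (group/other writable)" >&2
        return 1
    fi

    return 0
}
```

Call it from the app server's start script with the service account's UID and abort startup on a non-zero return.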

