Just a thought, I can't see how having the username and password in code is any more secure. Prying eyes could have equal access to both.
Chad Johnson Web Services Developer WS Packaging - Wisconsin Label Tel:(920)487-6271 -----Original Message----- From: Mohamed Tagari [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: security of server.xml in tomcat Hi, Is there any way of instantiating the password and username parameters for connecting to a database in the application code rather than having it as plain text in the server.xml. As having the username and password as plain text is not very secure.. Any help/information will be apprectiated.. The database will be containing sensitive information, hence all passwords and usernames have to be protected.. // java code Context init = new InitialContext(); Context ctx = (Context) init.lookup("java:comp/env"); DataSource ds = (DataSource) ctx.lookup("jdbc/myoracle"); // extract from server.xml <Resource name="jdbc/myoracle" auth="Container" type="javax.sql.DataSource"/> <ResourceParams name="jdbc/myoracle"> . . . <parameter> <name>username</name> <value>scott</value> </parameter> <parameter> <name>password</name> <value>tiger</value> </parameter> . . </ResourceParams> mo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
