Also depends on from whom you want to hide the credentials. If it's from web client, then based on servlet specifications "The files inside the WEB-INF folder cannot be accessible by the web client". If you want to protect from console access users then you can protect by defining access rights to the web deployment.
ST On Mon, 2003-06-09 at 14:42, Chad Johnson wrote: > Just a thought, I can't see how having the username and password in code > is any more secure. Prying eyes could have equal access to both. > > Chad Johnson > Web Services Developer > WS Packaging - Wisconsin Label > Tel:(920)487-6271 > > > -----Original Message----- > From: Mohamed Tagari [mailto:[EMAIL PROTECTED] > Sent: Monday, June 09, 2003 9:32 AM > To: [EMAIL PROTECTED] > Subject: security of server.xml in tomcat > > > Hi, > > Is there any way of instantiating the password and username > parameters for connecting to a database in the application code rather > than having it as plain text in the server.xml. > > As having the username and password as plain text is not > very secure.. > > Any help/information will be apprectiated.. > > The database will be containing sensitive information, hence all > passwords > and usernames have to be protected.. > > // java code > Context init = new InitialContext(); > Context ctx = (Context) init.lookup("java:comp/env"); DataSource ds = > (DataSource) ctx.lookup("jdbc/myoracle"); > > > > // extract from server.xml > <Resource name="jdbc/myoracle" auth="Container" > type="javax.sql.DataSource"/> > > <ResourceParams name="jdbc/myoracle"> > . > . > . > <parameter> > <name>username</name> > <value>scott</value> > </parameter> > <parameter> > <name>password</name> > <value>tiger</value> > </parameter> > . > . > </ResourceParams> > > mo > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Sri Thuraisamy <[EMAIL PROTECTED]> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
