Jacob Kjome wrote: >Can someone comment on this? I'd really like to know if I can digest >the passwords that I use for my configuration in the Server.xml for >DBCP Datasources. Is it possible? If not, is it planned? > >Jake > I will leave it to one of the developers to comment on what may be planned; but I do not think that what you want to do -- protect the uid/pwd data in the config file is currently supported. It looks to me as though the JDBC Datasource provided in Tomcat 4 uses exactly what you have in server.xml to connect to the database. Hashing would add no value here, since the hash would be visible in the config file.
If what you really want to do is to protect the uid/pwd info in the file, you need to encrypt (not hash) these data and then create your own resource factory that decrypts before attempting the database connection. I am also curious about what may be in the works here. Are there any plans to support a "crypto-enabled" version of the commons digester to allow entire config files to be encrypted? Phil Steitz > > >Thursday, August 01, 2002, 1:00:16 PM, you wrote: > > >JK> Seems to me someone wrote about this before, but I can't find it. I'm >JK> wondering if passwords can be digested in JNDI Resource configuration >JK> just like one can in the Realm configurations? I'd rather not store >JK> the password for my database in cleartext. The Resource docs don't >JK> seem to mention anything about digesting passwords. Is it not >JK> possible? If not now, is this feature planned? I'm using >JK> Tomcat-4.1.8. > >JK> Jake > > >JK> -- >JK> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >JK> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
