How does it validate itself to that common location, without a password?

-- 
Gregory Dougherty
Sr. Analyst/Programmer | Information Technology
Information Technology
(507) 284-8493 | dougherty.greg...@mayo.edu







On 2/12/16, 2:46 PM, "Leo Donahue" <donahu...@gmail.com> wrote:

>On Feb 12, 2016 2:35 PM, "Dougherty, Gregory T., M.S." <
>dougherty.greg...@mayo.edu> wrote:
>>
>> You are correct, I'm trying to authorize the web app, not the user.
>>
>> Goal: I am trying to come up with a way for a Tomcat app to securely store
>> and retrieve the password it needs to access a DB.
>>
>> My definition of "secure" includes "there exist no files with an
>> unencrypted copy of the password".  IIUC, JNDI fails this test.
>>
>> My requirements include that all web app components are checked in to a
>> source control system that malicious users can have read access to.
>> --
>> Gregory Dougherty
>
>This is a secure password question?
>
>This task falls more in line with your enterprise architecture than with a
>simple common jar file.
>
>Think about how you could implement your own data source that reads
>encrypted passwords from some common location.
>
>The Tomcat "app" should not have anything to do with this.
>
>Leo
