> https://cwiki.apache.org/confluence/display/TOMCAT/Password
Well, I know a chief open source app server that has the password to decrypt all passwords buried in its open source, and I know auditors who are good if root cannot read passwords at first sight. The reasoning behind that is that running java -jar someappserverlib.jar -decrypt is a deliberate act that a god guy root does not do. So a hidden password is a step better, even if not in the cryptographic sense. Am Fr., 26. Juni 2020 um 15:25 Uhr schrieb Olaf Kock <tom...@olafkock.de>: > > > On 26.06.20 15:05, FANG YAP wrote: > > Hi Tomcat, > > > > I would like to know how to encrypt and decrypt the database password in > > context.xml when the application is running which also allow me to change > > the db password for the purpose of security. > > > https://cwiki.apache.org/confluence/display/TOMCAT/Password > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org