This might be one way to elevate compliance. If you can read the database password from the database, you win (some sort of) prizes. :D
Search for Plain Ol' Java: http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html JBoss used to compile the password into a runtime IOC pattern, but it could still be hacked, but not as likely to have a day-to-day systems admin stumble upon it. On 4/8/23, Kevin Huntly <kmhun...@gmail.com> wrote: > okay that's fair > > On Sat, Apr 8, 2023, 14:31 Thomas Hoffmann (Speed4Trade GmbH) > <thomas.hoffm...@speed4trade.com.invalid> wrote: > >> Hello, >> >> > -----Ursprüngliche Nachricht----- >> > Von: Kevin Huntly <kmhun...@gmail.com> >> > Gesendet: Samstag, 8. April 2023 19:40 >> > An: users@tomcat.apache.org >> > Betreff: just wondering.. encryption in context.xml? >> > >> > is there currently a method for encrypting or otherwise obfuscating >> passwords >> > (like for MySQL) in the context.mxl >> > ________________________________________________ >> > >> > Kevin Huntly >> > Email: kmhun...@gmail.com >> > Cell: 716/424-3311 >> > ________________________________________________ >> >> You might use environment variables or java system properties. >> If someone has access to your context.xml, then your server is >> compromised >> anyway. >> >> Greetings, >> Thomas >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
