-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard,
Richard DeGrande wrote: > The ability to store encrypted passwords doesn't necessarily have to > be used to protect the system from hackers. This would be a GREAT > feature to enforce the responsibilities between different roles in a > development environment. I solve this problem by using a replaceable set of credentials in the context.xml file (where I set up my connection pool). When I deploy using ant, the values are pulled-in from ~/.ant.properties which can be set per user. In production, the installing user has their own set of credentials. The creds are left out of revision tracking, so "mere" developers never know the production creds. > Also, The encryption doesn't have to be > full proof, it just needs to be a deterrent. The point is that encryption such as this only protects against accidental disclosure of a password. The password must be decrypted using a key which is in plain text, so there's no effective security. > For the most part it is > the people with shell access that I want to remove the ability to > read the passwords from. Then make your files readable only by the user under which Tomcat is run. > Sometimes security through obscurity is enough. No. Security through obscurity only protects against accidental disclosure among friendly users. There are better ways to achieve this goal (such as using file permissions). The bottom line is that I don't know of any connection pool that supports encrypted passwords in the configuration, so this discussion is entirely academic. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGN2GB9CaO5/Lv0PARAkh7AJ4y+XtFehqMEPsH2N5gxU8pORFxNACcCKni 5gAw3sITPMr0lFhzGwSDHQQ= =C5m4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
