Alan and Johnny,
I agree with Alan. I'm using the same scheme to save passwords in database,
and SSL too.
But, Johnny's answer help me understand some things. 
Johnny, when you say:
> So in those organization Tomcat is probably behind the second internal
firewall 
> for staff to use as well.
What do you mean? If you have a Tomcat inside a DMZ, usually we have one
firewall, that separates internet from intranet, i.e., the firewall filters
requests that comes from de outside. Isn't that?

Thanks, 
Regards,
Bárbara Vieira
 

-----Original Message-----
From: Alan Chaney [mailto:[EMAIL PROTECTED] 
Sent: quarta-feira, 9 de Janeiro de 2008 14:10
To: Tomcat Users List
Subject: Re: Why use a Web Server over Tomcat?


> 
> One reason for doing this, is again not whether IIS or APACHE is better 
> although APACHE on linux in the
> hands of a guru is very good, its because Tomcat carries clear text 
> passwords, so if a hacker did
> get at the machine, they would probably see the Active X LDAP master 
> password, 

I don't understand this comment at all. 'Passwords' in tomcat can be 
managed by a whole host of authentication schemes. I use SSL to protect 
access to the password on the net and MD5 encoded passwords in a 
database for user authentication and access control. It depends entirely 
upon how you configure your system.

Regards

Alan

> 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 
> !DSPAM:4784031b130881839419991!
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to