Alan and Johnny, I agree with Alan. I'm using the same scheme to save passwords in database, and SSL too. But, Johnny's answer help me understand some things. Johnny, when you say: > So in those organization Tomcat is probably behind the second internal firewall > for staff to use as well. What do you mean? If you have a Tomcat inside a DMZ, usually we have one firewall, that separates internet from intranet, i.e., the firewall filters requests that comes from de outside. Isn't that?
Thanks, Regards, Bárbara Vieira -----Original Message----- From: Alan Chaney [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 9 de Janeiro de 2008 14:10 To: Tomcat Users List Subject: Re: Why use a Web Server over Tomcat? > > One reason for doing this, is again not whether IIS or APACHE is better > although APACHE on linux in the > hands of a guru is very good, its because Tomcat carries clear text > passwords, so if a hacker did > get at the machine, they would probably see the Active X LDAP master > password, I don't understand this comment at all. 'Passwords' in tomcat can be managed by a whole host of authentication schemes. I use SSL to protect access to the password on the net and MD5 encoded passwords in a database for user authentication and access control. It depends entirely upon how you configure your system. Regards Alan > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > !DSPAM:4784031b130881839419991! > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]