Hello, I'm using apache-tomcat-5.5.26, Oracle 10.2.0.3, java version "1.5.0_14"
I have a data resource defined in the server.xml and I wish to create a digest of the database password. <Resource name="jdbc/oracle" auth="Container" type="javax.sql.DataSource" username="username" password="plaintxt" driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:@hostname:1522:databasename" maxActive="20" maxIdle="10"> </Resource> I was wondering is it possible to do this in a similar fashion to creating a digest of the passwords in the tomcat-users.xml file 1. Create password digest using SHA $ ./digest.sh -a SHA password password:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 2. Update the password in tomcat-users.xml <user username="tomcat" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" roles="tomcat,manager"/> 3. Update the server.xml <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" digest="SHA" /> I've searched for a solution for encrypting the data resource password and I've come across the following solutions. 1. Manage the connection pool in the application not the application server. 2. Authenticate using the application, i.e. set auth="Application" 3. Or extends BasicDataSourceFactory to accept an encrypted password. These solutions are described in this interesting article http://java.sys-con.com/node/393364/print I was wondering is there a fourth solution as simple as creating digests of passwords for users in the tomcat-users.xml file? Thanks for your help, Kevin Nash