On Nov 13, 2008, at 12:31 PM, Christopher Schultz wrote:
Kevin Nash wrote:
I have a data resource defined in the server.xml and I wish to
[encrypt the] database
password.
This question comes up occasionally. Things to consider:
1. If you encrypt the password in context.xml, where will you store
the
password for your encryption key to decrypt it?
2. If you encrypt your decryption key for step 1, where will you put
the
password for your encryption key to decrypt it?
3. See step 2.
The only way to break this cycle is to provide a password manually
(say,
from the console) during application or app-server startup. That
precludes unattended restarts, which is basically a deal-breaker for a
production system.
Have I convinced you yet? ;)
And you tell this all to your client and they still want it :)
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
