It is possible to define the element as an entity in server.xml:

<!ENTITY secure_resource SYSTEM "http://somewhere.com/resource.xml">

and then replace the Resource element with the entity:

&secure_resource;

Because the entity resolves to an external source, this source can be
generated dynamically, by a script for example.

This script could potentially be limited in execution to the tomcat
user/instance.

Other users who can possibly read the script that generates the
username/password, but not execute it, cannot get the username/password.

Regards,

Simon

On 29/10/10 10:19, 彬 乔 wrote:
> Dears,
>
> We are using Tomcat 5.5.20 in a RHEL 64bit box. The application running on it 
> is a financial system. An internal audit indicated that we should not use 
> plain text username and password in the server.xml, as:
>
> <Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
>     username="user"
>     password="password"
>     ...
> />
>
> Is there a way to use encrypted username and password in the server.xml file? 
> Or, use the username and password as parameters of the startup command, 
> instead of leaving them as plain text in the server.xml?
>
> Thanks,
>
> Roy Qiao
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>   
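
One possible generator for the XML that &secure_resource; expands to, as an added example that is not part of the original thread. It emits the Resource element from the question, refuses a credentials file that anyone but its owner can access, and XML-escapes the values. The secrets file and its username=/password= line format are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: gen_resource.sh /path/to/secrets
# Assumed secrets file format (constructed for this example):
#   username=...
#   password=...

# Escape the five XML special characters so a credential containing
# & < > " or ' cannot break or alter the generated element.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

emit_resource() {
    secrets=$1
    # Accept only a regular file with no group/other permission bits set.
    case "$(ls -ld -- "$secrets" 2>/dev/null)" in
        -???------*) ;;
        *) echo "refusing: $secrets missing or accessible beyond its owner" >&2
           return 1 ;;
    esac
    user=$(sed -n 's/^username=//p' "$secrets" | head -n 1)
    pass=$(sed -n 's/^password=//p' "$secrets" | head -n 1)
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "refusing: username or password missing in $secrets" >&2
        return 1
    fi
    # Attributes are the ones shown in the question; the ones it elides
    # with "..." are left out here as well.
    cat <<EOF
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
    username="$(xml_escape "$user")"
    password="$(xml_escape "$pass")"
/>
EOF
}

# Run stand-alone when a secrets file is given on the command line.
if [ "$#" -gt 0 ]; then
    emit_resource "$1"
fi
```

The fragment is whatever the SYSTEM identifier of the entity returns, so the endpoint or file that serves this output needs the same access restriction as the secrets file itself.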

