Encrypt the username and passwords using Realm configuration. You should always assume there is the possibility that a user will get access to the system via a badly written program. Whilst they might get some system access, you should make it as difficult as possible for them to jump to the next box.
If you give read access on server.xml only to root user, it requires that Tomcat is started with root privileges, which is really bad. If a person gets access, they automatically get root privildges. Then entire idea is to make it difficult for a person to get very far quickly. If you run TC as a non-root user, even if they crack the app to get system access, they still have to go further to get root. On 29/10/10 10:42 PM, "Pid" <p...@pidster.com> wrote: > On 29/10/2010 12:03, Darryl Lewis wrote: >> No one should, but I had a supplier recommend to run their application as >> root. All their scripts and configuration instructions were for running as >> root. >> Needless to say I didn't run it as that and rewrote their installation >> scripts. >> Now I have to try and convince them that storing the database connection >> username and passwords in plaintext are a bad idea... > > What is the alternative? > > If the config files containing that information are only readable by the > user running Tomcat, and that user doesn't have login access - assuming > you're using the service wrapper script to start up, then the > information is protected, no? > > > p --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
