On 29/10/2010 14:19, Darryl Lewis wrote:
> Are you serious?

Completely. If you have a scheme that encrypts the database username and password in server.xml and provides genuine additional security over and above limiting access to server.xml to the user running Tomcat (and root) I'd love to hear it. I'd also be amazed.

> Why do we bother with SSL then? Let's just send everything in clear text...

Different information in a different environment with different threats. I never said passwords should never be protected. I was quite specific that trying to encrypt usernames and passwords in server.xml (or context.xml for that matter) for database resources is a complete waste of time.

Mark
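
One way to check the control the message above relies on, limiting access to server.xml (and context.xml) to the user running Tomcat and root, as an added example that is not part of the original message or of Tomcat itself. The function names, the conf directory argument and the uid argument are assumptions of this example, and the demo files are constructed.

```python
import os
import stat
import tempfile

# File names taken from the thread; the conf directory and the uid of the
# account running Tomcat are supplied by the caller (assumptions).
CREDENTIAL_FILES = ("server.xml", "context.xml")


def audit_file(path, tomcat_uid):
    """Return a list of findings for one file; an empty list means it passes."""
    st = os.lstat(path)  # lstat: a symlink is reported, not followed
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid not in (tomcat_uid, 0):
        findings.append(f"owned by uid {st.st_uid}, expected {tomcat_uid} or root")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group or other")
    return findings


def audit_conf_dir(conf_dir, tomcat_uid):
    """Map each credential-bearing file present in conf_dir to its findings."""
    results = {}
    for name in CREDENTIAL_FILES:
        path = os.path.join(conf_dir, name)
        if os.path.lexists(path):
            results[name] = audit_file(path, tomcat_uid)
    return results


if __name__ == "__main__":
    # Constructed demo: a throwaway conf directory with one file that is
    # too open (0644) and one restricted to its owner (0600).
    with tempfile.TemporaryDirectory() as conf:
        for name, mode in (("server.xml", 0o644), ("context.xml", 0o600)):
            path = os.path.join(conf, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, findings in audit_conf_dir(conf, os.getuid()).items():
            print(name, "OK" if not findings else "; ".join(findings))
```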