You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Enke Michael <Mi...@wincor-nixdorf.com> on 2001/08/28 11:21:45 UTC
Q: DB-password clear text?
Hi!
Is there a possibility or would it be
easy to implement to have the DB password
encrypted in some kind (in *.xsp or cocoon.xconf)?
This doesn't mean a state of the art
encryption (too complicated!?), but only
that not everybody can have direct access
to the database.
Regards,
Michael
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
Re: Q: DB-password clear text?
Posted by Mariano Kamp <mk...@codamax.com>.
Michael,
to prevent unauthorised pesonnel to look at the password you could probably
unset the read flag of their group.
Mariano
On Tuesday 28 August 2001 22:38, Martin Man wrote:
> On Tue, Aug 28, 2001 at 11:21:45AM +0200, Enke Michael wrote:
> > Hi!
> > Is there a possibility or would it be
> > easy to implement to have the DB password
> > encrypted in some kind (in *.xsp or cocoon.xconf)?
>
> as long as the direct JDBC connection requires plaintext passwords (and yes
> all existing JDBC driver implementations require plaintext) it's absolutely
> useless to add encryption to another layer.
>
> anyway passwords are stored in a file on the server and JDBC connection is
> usually made via localhost loopback, therefore password sniffing is almost
> impossible and cocoon.xconf or whichever file the password actually
> contains is not readable by ordinary users via web...
>
> > This doesn't mean a state of the art
> > encryption (too complicated!?), but only
> > that not everybody can have direct access
> > to the database.
>
> don't get this, if there is a password that only admin knows, then
> anyone who does not know it does not have the access to
> the database or am I wrong ???
>
> > Regards,
> > Michael
>
> rgds,
> martin
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
Re: Q: DB-password clear text?
Posted by Martin Man <Ma...@seznam.cz>.
On Tue, Aug 28, 2001 at 11:21:45AM +0200, Enke Michael wrote:
> Hi!
> Is there a possibility or would it be
> easy to implement to have the DB password
> encrypted in some kind (in *.xsp or cocoon.xconf)?
as long as the direct JDBC connection requires plaintext passwords (and yes
all existing JDBC driver implementations require plaintext) it's absolutely
useless to add encryption to another layer.
anyway passwords are stored in a file on the server and JDBC connection is
usually made via localhost loopback, therefore password sniffing is almost
impossible and cocoon.xconf or whichever file the password actually contains
is not readable by ordinary users via web...
> This doesn't mean a state of the art
> encryption (too complicated!?), but only
> that not everybody can have direct access
> to the database.
don't get this, if there is a password that only admin knows, then
anyone who does not know it does not have the access to
the database or am I wrong ???
>
> Regards,
> Michael
>
rgds,
martin
--
-------------------------------------------------------------------------------
"Only dead fish swims with a stream" Malcolm Muggeridge
gpg_key_available: http://globales.cz/~mman/martin.man.gpg
gpg_key_fingerprint: 2CC0 4AF6 92DA 5CBF 5F09 7BCB 6202 7024 6E06 0223
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>