User Profile/Password Storage Concerns

[Bj...@aol.com]

Hi,

In the Struts example,  the user details *and* password are stored together 
in an XML file. In a real web application, would it be better (and secure) if 
 the password is placed in another file?

Also, I'm thinking of storing them not in XML but in a 'normal' database like 
DB2. What could be the advantages/disadvantages of doing this?

Thanks in advance.

-Dingdong

Re: User Profile/Password Storage Concerns

[Ted Husted <ne...@husted.com>]

The database servlet in the Example application has the advantage of
being able to run "out of the box", without going to the trouble of
installing a real JDBC DBMS, like PostGresSQL, MySQL, et al. 

For several reasons, the Example database servlet would not scale in a
multiuser environment, and so, yes, in a production application, you
would use a JDBC DBMS, for all the usual reasons.

I'm working on the some sample JDBC utilities now. Yesterday's example
is at < http://husted.com/about/struts >. Tomorrow's version should
include examples of filling form fields with database results, and
maybe a JSP for sending an arbitrary query, and getting back a dynamic
HTML table.

*********** REPLY SEPARATOR ***********

On 1/4/2001 at 3:46 PM Bjagoring@aol.com wrote:Hi, 

In the Struts example,  the user details *and* password are stored
together 
in an XML file. In a real web application, would it be better (and
secure) if 
 the password is placed in another file? 

Also, I'm thinking of storing them not in XML but in a 'normal'
database like 
DB2. What could be the advantages/disadvantages of doing this? 

Thanks in advance. 

-Dingdong