You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Bj...@aol.com on 2001/01/04 21:46:32 UTC
User Profile/Password Storage Concerns
Hi,
In the Struts example, the user details *and* password are stored together
in an XML file. In a real web application, would it be better (and secure) if
the password is placed in another file?
Also, I'm thinking of storing them not in XML but in a 'normal' database like
DB2. What could be the advantages/disadvantages of doing this?
Thanks in advance.
-Dingdong
Re: User Profile/Password Storage Concerns
Posted by Ted Husted <ne...@husted.com>.
The database servlet in the Example application has the advantage of
being able to run "out of the box", without going to the trouble of
installing a real JDBC DBMS, like PostGresSQL, MySQL, et al.
For several reasons, the Example database servlet would not scale in a
multiuser environment, and so, yes, in a production application, you
would use a JDBC DBMS, for all the usual reasons.
I'm working on the some sample JDBC utilities now. Yesterday's example
is at < http://husted.com/about/struts >. Tomorrow's version should
include examples of filling form fields with database results, and
maybe a JSP for sending an arbitrary query, and getting back a dynamic
HTML table.
*********** REPLY SEPARATOR ***********
On 1/4/2001 at 3:46 PM Bjagoring@aol.com wrote:Hi,
In the Struts example, the user details *and* password are stored
together
in an XML file. In a real web application, would it be better (and
secure) if
the password is placed in another file?
Also, I'm thinking of storing them not in XML but in a 'normal'
database like
DB2. What could be the advantages/disadvantages of doing this?
Thanks in advance.
-Dingdong