You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Shamdasani Nimmi-ANS004 <AN...@motorola.com> on 2001/09/05 17:59:34 UTC
RE: How have others handled management concerns over storing data
base userid and password in struts-config.xml?
I am using struts way of handling database using struts-config.xml. Where would I encrypt it?
-----Original Message-----
From: Ernest Jones [mailto:ejones@netopia.com]
Sent: Wednesday, September 05, 2001 10:46 AM
To: struts-user@jakarta.apache.org
Subject: Re: How have others handled management concerns over storing
database userid and password in struts-config.xml?
If they're not getting the firewall reasoning, you could encrypt it, using
sun's JCE api's. That might help your bosses feel better.
----- Original Message -----
From: "Shamdasani Nimmi-ANS004" <AN...@motorola.com>
To: "struts-user@jakarta. apache. org (E-mail)"
<st...@jakarta.apache.org>
Sent: Wednesday, September 05, 2001 9:24 AM
Subject: How have others handled management concerns over storing database
userid and password in struts-config.xml?
> Hi,
>
> Here's my problem. My management feels that storing the database
account(userid/password)in the config file is a security risk. According to
them a hacker can get access to the whole database if they can get access to
this info.
>
> Supposedly the security team wants to put the application server outside
the Firewall in Quarantine zone and the database behind the FW.
>
> Did any of you had to go thru this issue and how did you explain/resolve
it.
>
> Can someone help me dispel their concern?
>
> TIA.
>
> -Nimmi
>
Re: How have others handled management concerns over storing database userid and password in struts-config.xml?
Posted by Ernest Jones <ej...@netopia.com>.
My mistake. I don't know. Sorry.
----- Original Message -----
From: "Shamdasani Nimmi-ANS004" <AN...@motorola.com>
To: <st...@jakarta.apache.org>
Sent: Wednesday, September 05, 2001 9:59 AM
Subject: RE: How have others handled management concerns over storing
database userid and password in struts-config.xml?
> I am using struts way of handling database using struts-config.xml. Where
would I encrypt it?
>
> -----Original Message-----
> From: Ernest Jones [mailto:ejones@netopia.com]
> Sent: Wednesday, September 05, 2001 10:46 AM
> To: struts-user@jakarta.apache.org
> Subject: Re: How have others handled management concerns over storing
> database userid and password in struts-config.xml?
>
>
> If they're not getting the firewall reasoning, you could encrypt it, using
> sun's JCE api's. That might help your bosses feel better.
>
> ----- Original Message -----
> From: "Shamdasani Nimmi-ANS004" <AN...@motorola.com>
> To: "struts-user@jakarta. apache. org (E-mail)"
> <st...@jakarta.apache.org>
> Sent: Wednesday, September 05, 2001 9:24 AM
> Subject: How have others handled management concerns over storing database
> userid and password in struts-config.xml?
>
>
> > Hi,
> >
> > Here's my problem. My management feels that storing the database
> account(userid/password)in the config file is a security risk. According
to
> them a hacker can get access to the whole database if they can get access
to
> this info.
> >
> > Supposedly the security team wants to put the application server outside
> the Firewall in Quarantine zone and the database behind the FW.
> >
> > Did any of you had to go thru this issue and how did you explain/resolve
> it.
> >
> > Can someone help me dispel their concern?
> >
> > TIA.
> >
> > -Nimmi
> >