You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rob Tanner <rt...@linfield.edu> on 2002/05/08 20:32:47 UTC
Securing web.xml
Hi,
I'm writing an application that requires r/w access to a database and
I'm concerned with securing the access credentials (username/passwd) so
that someone can't simply read the file that contains them. Please
note, I am not talking about a SecurityManager issue but rather
securing a file from access outside of java.
One solution is to root secure the file (i.e., restricting system level
read privleges to "root"), but then I'd need to run tomcat as root. Is
that I good idea? The other option is to add the credentials as
environment variables in apache's configuration where root securing the
file is simple. Is there someway I can provide arbitrary apache
configuration data to my servlet via tomcat? Is there a third
possibility I haven't thought of.
Thanks,
Rob
_ _ _ _ _ _ _ _ _ _
/\_\_\_\_\ /\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_/ /\/_/
/\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Rob Tanner
UNIX and Networks Manager
Linfield College, McMinnville OR
(503) 434-2558 <rt...@linfield.edu>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Securing web.xml
Posted by Mark Udstrand <mu...@CompleteIS.com>.
One approach would be to encrypt the username and password stored in the
file and then decrypt the values before authenticating.
M.
----- Original Message -----
From: "Rob Tanner" <rt...@linfield.edu>
To: "tomcat" <to...@jakarta.apache.org>
Sent: Wednesday, May 08, 2002 1:32 PM
Subject: Securing web.xml
> Hi,
>
> I'm writing an application that requires r/w access to a database and
> I'm concerned with securing the access credentials (username/passwd) so
> that someone can't simply read the file that contains them. Please
> note, I am not talking about a SecurityManager issue but rather
> securing a file from access outside of java.
>
> One solution is to root secure the file (i.e., restricting system level
> read privleges to "root"), but then I'd need to run tomcat as root. Is
> that I good idea? The other option is to add the credentials as
> environment variables in apache's configuration where root securing the
> file is simple. Is there someway I can provide arbitrary apache
> configuration data to my servlet via tomcat? Is there a third
> possibility I haven't thought of.
>
> Thanks,
> Rob
>
> _ _ _ _ _ _ _ _ _ _
> /\_\_\_\_\ /\_\ /\_\_\_\_\_\
> /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
> /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
> /\/_/_/_/_/ /\_\ /\/_/ /\/_/
> /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
> \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
>
> Rob Tanner
> UNIX and Networks Manager
> Linfield College, McMinnville OR
> (503) 434-2558 <rt...@linfield.edu>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>