[jboss-user] [Security & JAAS/JBoss] - DB password at rest in login-config.xml: how to avoid this?
gbays
do-not-reply at jboss.com
Fri Jan 12 10:07:57 EST 2007
Our use of JBoss 4.03 has the DB password in login-config.xml openly visible. The database pool connection we implement requires this password in login-config and its runtime copy in tmp/deploy. Is there a way to set up the DB pool connection without having the DB password in login-config? Obviously we can encrypt the DB password, but is there a way to avoid putting the DB password in the clear in login-config.xml the first place?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4000984#4000984
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4000984
More information about the jboss-user
mailing list