Correct place to store the DB credentials

I got one servlet based application, which connects to a DB among other things.
Right now I am hardcoding the DB credentials.

We will soon be shifting to Beta phase, where the application will be test deployed at multiple client sites. Obviously the DB credentials need to be changed for every site.
I was wondering if the web.xml is the correct place to put these credentials? This would certainly avoid me the hassle of rebuilding it every time, but I am not really comfortable with the credentials lying out in a human readable format.
I am being paranoid over this, considering that the web.xml is not accessible to the public?

As we're using Hibernate, the credentials never appear at he UI layer, but in other situations I've tended to put then in external properties files.

Hibernate is not applicable in my scenario.

Any particular reason for the properties file instead of the web.xml? Are there any problems if they are in the web.xml?

I'd second putting stuff into properties files instead of web.xml. DB configuration has nothing to do with web setup (which is what web.xml is about).

These days, the only parameter I keep in web.xml is the name of the properties file that has all the configuration data.

Ok.
Thanks Bear, Ulf for the input.