
Is it safe?

 
Giora Shcherbakov
Hi,

In my web service (using Tomcat 7.0) I use a datasource to a MySQL database configured under context.xml (in my WEB-INF directory), which looks like the following:



My question is: is it safe to store user/pass like this? If not, what is commonly used as a safe approach?

Thanks!!!
 
Tim Holloway
It's safe enough. Since the credentials are stored in a protected (we hope!) file on a protected (we hope!) server, there's little chance that anyone unauthorized can get at them. However, it never hurts to give the webapp its own security account with rights limited to only what that app needs.

Unfortunately, those rights tend to be pretty broad, since they're the greatest common denominator of all users of that particular pool of connections.
 
Bear Bibeault


(Sorry, couldn't resist.)

In any case, Tim is spot on. Such passwords are only as secure as you make the server itself. If the server gets compromised, all bets are off for everything -- not just the database password.
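
A check that follows from the two replies above, added here as an example and not code from the thread: it parses a Tomcat context.xml, flags a file mode that lets every local user at the file, and flags a connection pool that logs in as a privileged database account. The sample file, the `jdbc/appdb` resource name and the list of privileged account names are constructed assumptions.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Account names treated as over-privileged for a webapp pool (assumed list).
PRIVILEGED_USERS = {"root", "admin"}

def audit_context(path):
    """Return findings for the credential-bearing <Resource> entries in a context.xml."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds a cleartext password, so "other" must have no read or write access.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"file mode {mode:o}: accessible to every local user")
    for res in ET.parse(path).getroot().iter("Resource"):
        if "password" not in res.attrib:
            continue  # resource carries no credentials
        name = res.get("name", "<unnamed>")
        user = res.get("username", "")
        if user.lower() in PRIVILEGED_USERS:
            findings.append(f"{name}: pool connects as privileged account '{user}'")
        if not res.get("password"):
            findings.append(f"{name}: empty database password")
    return findings

# Constructed sample input; not the poster's file.
SAMPLE = """<Context>
  <Resource name="jdbc/appdb" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/appdb"
            username="root" password="example-only"/>
</Context>"""

def demo():
    """Write the sample with a loose file mode, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "context.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_context(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
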
 