Is it safe ?

Giora Shcherbakov
Greenhorn

Joined: Jun 29, 2011
Posts: 3
Hi,

In my web service (using Tomcat 7.0) I use a datasource to a MySQL database configured under context.xml (in my WEB-INF directory), which looks like the following:



My question is: Is it safe to store user/pass like this? If not, what is commonly used as a safe approach?

Thanks!!!
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15964
    

It's safe enough. Since the credentials are stored in a protected (we hope!) file on a protected (we hope!) server, there's little chance that anyone unauthorized can get at them. However, it never hurts to give the webapp its own security account with rights limited to only what that app needs.

Unfortunately, those rights tend to be pretty broad, since they're the greatest common denominator of all users of that particular pool of connections.


Customer surveys are for companies who didn't pay proper attention to begin with.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60810
    



(Sorry, couldn't resist.)

In any case, Tim is spot on. Such passwords are only as secure as you make the server itself. If the server gets compromised, all bets are off for everything -- not just the database password.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
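
Both replies come down to two checks: the file holding the credentials is accessible only to the account that needs it, and the database account named in it is a limited one rather than an administrative one. The following sketch of those checks is an added example, not part of the original thread. The sample context.xml, the `webapp_rw` account name, the list of administrative names, and the assumption that only the Tomcat service account should have access to the file on a POSIX host are all constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; the poster's own listing is absent from the page.
SAMPLE_CONTEXT = """<Context>
  <Resource name="jdbc/appdb" auth="Container" type="javax.sql.DataSource"
            driverClassName="com.mysql.jdbc.Driver"
            url="jdbc:mysql://localhost:3306/appdb"
            username="root" password="example-only"/>
</Context>"""

# Assumption: account names treated as over-privileged for a web application.
ADMIN_ACCOUNTS = {"root", "admin", "mysql"}


def audit_context(path):
    """Return findings for the file mode and DataSource accounts of a context.xml."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other permission bit means more than the owner can touch the file.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:03o} lets group/other access the file")
    for res in ET.parse(path).getroot().iter("Resource"):
        if res.get("type") != "javax.sql.DataSource":
            continue
        name = res.get("name", "?")
        user = res.get("username", "")
        if user.lower() in ADMIN_ACCOUNTS:
            findings.append(f"{name}: connects as administrative account '{user}'")
        if not res.get("password"):
            findings.append(f"{name}: empty or missing password")
    return findings


def demo():
    """Audit the sample as written (mode 644, root), then after tightening both."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "context.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE_CONTEXT)
        os.chmod(path, 0o644)
        loose = audit_context(path)
        os.chmod(path, 0o600)
        with open(path, "w") as fh:  # rewriting keeps the 600 mode
            fh.write(SAMPLE_CONTEXT.replace('"root"', '"webapp_rw"'))
        tight = audit_context(path)
    return loose, tight


if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

The audit only reads the username from the file; what that account is actually allowed to do is decided by the grants on the MySQL side.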
 