Re:Plain text passwords in web.xml
on
J2EE Security
·
· Score: 2, Interesting
Agreed - plain text passwords in web.xml or properties files are a security hole. What do you do instead? If you encrypt the password but your code can decrypt it, can't an attacker grab your war file along with web.xml and decrypt it?
Slashdot Mirror
Agreed - plain text passwords in web.xml or properties files are a security hole. What do you do instead? If you encrypt the password but your code can decrypt it, can't an attacker grab your war file along with web.xml and decrypt it?