#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    39
    Rep Power
    13

    JSP-DW-connection files prob


    hope someone can help...
    I use Dreamweaver MX to create JSP files to connect to our Oracle databases. MX creates connection files (jsp) which (in plain text) show the username and password to Oracle, and our security guys really don't like that.

    does anyone know a way we can obfuscate these files so people can't just come along and have free access to our databases?

    cheers
    Duncan
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    191
    the question is how would people get this file?

    i would read the data from a file that is outside your DocumentRoot. This prevents people from getting your password when the server should fail to run the JSP and deliver the sources.
    Also if there is several people that are allowed to access this machine eg. via ftp, make an account especially for this file and let noone else access it.
    Also a simple XOR encryption could already please your security admins.
    Itīll be much harder if people have SSH / telnet / ?? connection. Do they?

IMN logo majestic logo threadwatch logo seochat tools logo