January 31st, 2003, 09:16 AM
JSP-DW-connection files prob
hope someone can help...
I use Dreamweaver MX to create JSP files to connect to our Oracle databases. MX creates connection files (jsp) which (in plain text) show the username and password to Oracle, and our security guys really don't like that.
does anyone know a way we can obfuscate these files so people can't just come along and have free access to our databases?
January 31st, 2003, 12:16 PM
the question is how would people get this file?
i would read the data from a file that is outside your DocumentRoot. This prevents people from getting your password when the server should fail to run the JSP and deliver the sources.
Also if there is several people that are allowed to access this machine eg. via ftp, make an account especially for this file and let noone else access it.
Also a simple XOR encryption could already please your security admins.
Itīll be much harder if people have SSH / telnet / ?? connection. Do they?