Plain text password in configuration.xml: /home/Support/Inactive Forums/LabKey Trial Support (Inactive)

The 2025 Client Survey is now open! Responses will be accepted up until 10/31. Please feel free to share this link within your organization and we thank you in advance for your participation!

Plain text password in configuration.xml

LabKey Trial Support

View Question

view list print

Plain text password in configuration.xml

desmond fox

2019-10-04 07:58

Status: Closed

Hello Support,

Our company does not allow us to store plain text passwords in files. Credentials must be always encrypted and then decrypted on the fly.
Does LabKey support encrypted credentials ?

Thanks
Des

adam responded:	2019-10-05 14:27
How does your company handle other Tomcat applications that connect to resources? If credentials are decrypted on the fly, then how do web applications get that decryption key? The application will need a plain text password/key to decrypt; where is that plain text password stored? Best practice from the Tomcat team is to properly secure your configuration files. See https://cwiki.apache.org/confluence/display/TOMCAT/Password

LabKey Support

LabKey Support

Plain text password in configuration.xml

View Question