Plain text password in configuration.xml desmond fox  2019-10-04 07:58
Status: Closed
 

Hello Support,

Our company does not allow us to store plain text passwords in files. Credentials must be always encrypted and then decrypted on the fly.
Does LabKey support encrypted credentials ?

Thanks
Des

 
 
adam responded:  2019-10-05 14:27

How does your company handle other Tomcat applications that connect to resources? If credentials are decrypted on the fly, then how do web applications get that decryption key? The application will need a plain text password/key to decrypt; where is that plain text password stored?

Best practice from the Tomcat team is to properly secure your configuration files. See https://cwiki.apache.org/confluence/display/TOMCAT/Password