git - How to prevent storing postgres password in tomcat's context.xml -

-

in application have context.xml file in src/main/tomcat/conf contains following information:

<?xml version='1.0' encoding='utf-8'?> <context>     <watchedresource>web-inf/web.xml</watchedresource>      <resource             factory="org.apache.tomcat.jdbc.pool.datasourcefactory"             name="jdbc/tomcatdatasource"             auth="container"             type="javax.sql.datasource"             initialsize="1"             maxactive="20"             maxidle="3"             minidle="1"             maxwait="5000"             username="postgres"             password="postgres"             driverclassname="org.postgresql.driver"             validationquery="select 'ok'"             testwhileidle="true"             testonborrow="true"             numtestsperevictionrun="5"             timebetweenevictionrunsmillis="30000"             minevictableidletimemillis="60000"             url="jdbc:postgresql://localhost:5432/tradebook_db" />  </context>

every developer has own postgres server on computer, guess information username , password should not placed in git repository. should put context.xml file in .gitignore after adding repo, every developer has specific user , password? or there other ways prevent putting password postgres server in repository?

you should put application passwords in o/s environment variables (envvars).

  • can read assigned o/s user (or root)
  • you won't accidentally screw file permissions (if putting passwords in files)
  • you won't accidentally check passwords in source control (this particularly important in open source)
  • survives reboots
  • envvars easy read languages
  • make sure don't send envars child proccesses

you should follow principle of least privilege , run web server own user.

in tomcat, can use ant-style variable substitution in config files, such as:

<some-setting>${somejavasystemproperty}</some-setting>

you can't use os environment variables directly (i think...).

to use os environment variables, can put

set "catalina_opts=-dsomejavasystemproperty=%some_os_environment_variable%"

in bin/setenv.bat (or in bin/setenv.sh *nix). may need create file.

http://tomcat.apache.org/tomcat-7.0-doc/config/

if use spring, can use os envvars directly in spring config files using context:property-placeholder.


Comments

Post a Comment

Popular posts from this blog

java - WrongTypeOfReturnValue exception thrown when unit testing using mockito -

-
my test list<person> mylist; @test public void testisvalidperson() { mylist = new arraylist<person>(); mylist.add(new person("tom")); when(persondao.get(person)).thenreturn(mylist); when((persondao.get(person)).isempty()).thenreturn(false);//------exception thrown boolean result = service.isvalid("tom"); assertfalse(result); } method tested: public boolean isvalid(string person){ persondao = new persondao(); person personobj = new person(person); return (persondao.get(person).isempty())?false : true; } exception thrown: org.mockito.exceptions.misusing.wrongtypeofreturnvalue: boolean cannot returned get() get() should return list *** if you're unsure why you're getting above error read on. due nature of syntax above problem might occur because: 1. exception *might* occur in wrongly written multi-threaded tests. please refer mockito faq on limitations of concurrency testing. 2. sp
Read more

php - Magento - Deleted Base url key -

-
i working on cleaning url: http://mydomain.com/shop/shop/deals i going through settings in configuration tab in admin panel on magento , change secure , unsecure base urls remove first base url "shop" web page read: http://mydomain.com/shop/deals so changed unsecure base urls mydomain.com/shop mydomain.com , secure 12.345.67.89/shop 12.345.67.89. wrong thing do. i cannot reload page or admin console. how access these files through ftp , change correctly there?? when make changes in admin panel changes made in database not in file. have make changes in database. 1.go database , select core_config_data table under table find web/unsecure/base_url , web/secure/base_url . make changes here. don't forget clear cache in var/cache folder
Read more

android - How to disable Button if EditText is empty ? -

-
i have edittext , button in application. when button clicked,the text entered in edittext added listview. i want disable button if edittext empty.how ? this code button click imagebutton imb=(imagebutton)findviewbyid(r.id.btn_send); imb.setonclicklistener(new onclicklistener() { @override public void onclick(view arg0) { edittext et = (edittext)findviewbyid(r.id.edittext1); string str = et.gettext().tostring(); web1.add(str); toast.maketext(shoutsingleprogram.this, "you entered...."+str, toast.length_short).show(); adapter1.notifydatasetchanged(); et.settext(""); } }); } how can ? edittext1.addtextchangedlistener(new textwatcher() { @override public void ontextchanged(charsequence s, int start, int before, in
Read more