Private passwords

The OWASP document rightly states that best practices advise us never to store clear text passwords, but that in the case of the it is very difficult to avoid. In this post, I will try to look into ways to avoid storing clear text passwords in Tomcat’s files, in the hope of making it less difficult to avoid.

On any given system, certain users have privileges that others don't have and shouldn't have. By identifying yourself on your computer or any given web site, you are granted access to your work environment and personal data: data which you define as sensitive and wouldn't want to make public, the way a company doesn't want to give a competitor access to its intranet, for instance. Abusive scenarios posed by exposing accounting data are:
