We need to think about it.
See, this is more of an overall design issue. Sure we can get around it
right now, when we are developing a product. But I am thinking about
general security when using this product in real applications in the
future. I kind of like an idea of security based on user system accounts,
but yes, this adds an extra configuration step.
Maybe it can be added as an extra security feature (optional). Basically
implementing it both ways. So that database user names and passwords can be
either included in data node config files (convenient) or taken from this
special password file in the home directory (more secure)?
At 10:49 PM 5/15/2001 -0400, Michael Misha Shengaout wrote:
>Folks,
>
>What we can do is not to put any real security data into *sample*.xml
>files and keep the real files under different name NOT in CVS. This way,
>whoever needs it, may create his own config xml file using the sample
>and DTD-s, and for our internal development goals Andrus may be sending
>the copies of the real config file for our Oracle database on
>need-to-know basis.
>
>Misha
Andrei
This archive was generated by hypermail 2b30 : Sat Aug 04 2001 - 16:21:24 EDT