Property files were being bundled up in the jar
Cornelia Davis wrote:Putting application configurations into property files. "What?!?!" you say? "Aren't property files a best practice? It's better than hard coding in the code!" - Yes, property files ARE a best practice, but because they are often compiled into the binary, that means a config change requires a new build.
Tim Holloway wrote: Actually, property configuration files compiled into an application (web or otherwise) is a horrible practice.
Cornelia Davis wrote:Love your practices Tim.
paul nisset wrote:JNDI and context.xml are excellent for general information like DB server paths etc. But I wouldn't want to put passwords in them.
It doesn't really resolve the security of issue having passwords readily accessible to anyone who has access to the web server having the keys to the kingdom all in one convenient place.
I've seen people put DB passwords in web.xml (luckily not often). It's quite shocking.