Chapter 28 Using Connection Management

Connection caches and security

Your application may have a potential security hole if Java component implementation classes are deployed under the Jaguar html directory. An unauthorized user can implement a program that connects to Jaguar's HTTP port and downloads the component's implementation classes. The user can then decompile the classes and gain access to potentially sensitive information such as database passwords. To close this security hole, Sybase recommends one of the following approaches:

Deploy Java component implementation classes under the Jaguar java/classes subdirectory.
Code components that retrieve connection caches to use the getCacheByName API rather than the APIs that require a database password.
Implement your Java components to retrieve potentially sensitive information from a properties file that is not located beneath the Jaguar HTML directory.