Re:Plain text passwords in web.xml (Score 2, Interesting)

Agreed - plain text passwords in web.xml or properties files are a security hole. What do you do instead? If you encrypt the password but your code can decrypt it, can't an attacker grab your war file along with web.xml and decrypt it?