WEB-INF/web.xml displays mysql credentials?

0

I found web.xml in /WEB-INF/ on a domain I'm associated with. In said xml file, I see it displays:

<database>
    <jndi-name>jdbc/mysql</jndi-name>
    <driver> 
        <type>com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource</type> 
        <url>jdbc:mysql://127.0.0.1:3306/[domainWasHere]</url>
        <user>[userWasHere]</user>
        <password>[passWasHere]</password>
    </driver>
</database>

could this be vital information in the wrong hands?

zooGorilla32

Posted 2014-04-13T04:38:41.053

Reputation: 1

Answers

0

Yes, it could be - assuming the file was accessible externally, and that the server contains important data, and that the credentials were valid for an account with permissions to do damage; on the other hand, it could be perfectly innocuous.

Snewsley Pies

Posted 2014-04-13T04:38:41.053

Reputation: 386

Asked: 2014-04-13T04:38:41.053

Viewed: 62 times

Active: 2014-04-23T20:20:50.040