Hi
this thread may be of interest…
In practice, Im a bigger fan of access control. For example with Tomcat on linux, leave the password in the clear, create a tomcat user and ensure only tomcat can read tomcat folders. Then disable console access. Hence an admin must authenticate and use sudo to access the file etc…
regards
Rob