On Feb 22, 2007, at 6:12 AM, Aman Nanner/MxI Technologies wrote:
>
> Hi,
>
> I have noticed that passwords in plans and configuration files in
> Geronimo
> (1.2-beta) are not encrypted by the server, and remain in
> plaintext. For
> example, passwords in:
>
> 1) Datasource connector plans
> 2) ActiveMQ connector plans
> 3) TomcatWebSSL Keystore passwords
> 4) Geronimo properties realm passwords
>
> Having these plaintext passwords in these configuration files pose an
> inherent security risk that would prevent us from deploying
> Geronimo out to
> customer sites. Are there any plans to have all these passwords
> encrypted?
1-3 of these are in module plans, which are unneeded after the module
has been deployed into a car file. So, don't distribute the plans
but the car files.
For (4), I'd suggest you use a non-toy authentication method such as
ldap. Properties file based authentication is mainly intended for
experimentation.
You can probably figure out how to extract passwords from the car
files if you work hard enough. However, if you think this is a
problem I'd like to remind you that security against someone with
physical access to a machine or complete file system access is pretty
much impossible: look at the recent HDDVD crack. In other words, if
you distribute software to customer machines, you should assume that
if they really want to they can extract any passwords you try to hide
in the software.
I've wondered if it would be appropriate to provide a mode whereby
you need a password to start geronimo or you supply a command line
password to unlock the keystores on startup, but haven't got much
beyond wondering if it would actually provide any additional security
beyond that available on a properly secured server.
thanks
david jencks
>
> Thanks,
> Aman
>
> ______________________________________________________________________
> ____________
> * This message is intended only for the use of the individual or
> entity to which it is addressed, and may contain information that
> is privileged, confidential and exempt from disclosure under
> applicable law. Unless you are the addressee (or authorized to
> receive for the addressee), you may not use, copy or disclose the
> message or any information contained in the message. If you have
> received this message in error, please advise the sender by reply e-
> mail , and delete the message, or call (collect) 001 613 747 4698. *
>
|