tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cmanola...@yahoo.com>
Subject Re: [PROPOSAL] Standalone SSL
Date Thu, 02 Aug 2001 05:24:56 GMT
On Tue, 31 Jul 2001, Jim Seach wrote:

> What I meant was, in order to implement SSL,  Tomcat must be able to
> decrypt the keystore to retrieve the private key for the cert.  A
> Tomcat extension or module could be developed to use the private key
> not only to decode the SSL traffic, but also to decode other
> information like database passwords and so forth that developers wished

In particular the admin and/or ajp password :-)

One of the biggest problems is that so many people are installing tomcat
and they just forget to change the passwords.

We already generate a random number for the shutdown command, but a module
that checks if the admin password is still "changethis" and refuse to
start until the user types a better password will do a lot for secuirty
:-)

I'm not very sure about certificate passwords or other things - but if
someone needs this then great. I think ( IMHO ) the authentication, etc
should happen outside tomcat ( at least in a different process ), I'm not
sure if existing auth servers ( kerberos, tacacs, radius, etc ) have any
support for certificates, but as long as tomcat is running user code (
even with the security manager in place ), I wouldn't trust it more than I
have to.

And don't forget that tomcat may even crash, or hung ( well, if not tomcat
maybe some user code or even the JDK or OS ). :-)

Costin


Mime
View raw message