tomcat-dev mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Trivial Update of "FAQ/Password" by KonstantinKolinko
Date Tue, 04 Dec 2012 15:36:55 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "FAQ/Password" page has been changed by KonstantinKolinko:
http://wiki.apache.org/tomcat/FAQ/Password?action=diff&rev1=8&rev2=9

Comment:
s/as/runs as/ and several other minor corrections

  = Passwords =
  == Why are plain text passwords in the config files? ==
- Because there isn't a a good way to "secure" them. When Tomcat needs to connect to a database,
it needs the original password. While the password could be encoded, there still needs to
be a mechanism to decode it. And since the source to Tomcat is freely available, the attacker
would know the decoding method. So at best, the password is obscured - but not really protected.
Please see the user and dev list archives for flames wars about this topic. That said, any
configuration file that does contain a password needs to be appropriately secured. That means
limiting access to the file to the user that Tomcat process as and root (or the administrator
on Windows).
+ Because there is no good way to "secure" them. When Tomcat needs to connect to a database,
it needs the original password. While the password could be encoded, there still needs to
be a mechanism to decode it. And since the source to Tomcat is freely available, the attacker
would know the decoding method. So at best, the password is obscured - but not really protected.
Please see the user and dev list archives for flame wars about this topic.
+ 
+ That said, any configuration file that does contain a password needs to be appropriately
secured. That means limiting access to the file so that it could be read only by the user
that Tomcat process runs as and root (or the administrator on Windows).
  
  In [[http://www.catb.org/~esr/writings/cathedral-bazaar/|The Cathedral and the Bazaar]],
Eric S. Raymond recounts a story where his fetchmail users asked for encrypted passwords in
the .fetchmailrc file (which is almost identical to the situation posed here with server.xml).
He refused [[http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s09.html|using
the same arguments posed here]]: encrypting or otherwise obfuscating the password in server.xml
does not provide any real security: only "security by obscurity" which isn't actually secure.
  
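Review bot: the rewritten closing sentence of the new paragraph still has a grammar slip: "the user that Tomcat process runs as" is missing an article, and "so that it could be read only by" should be "so that it can be read only by". Suggest: "limiting access to the file so that it can be read only by the user that the Tomcat process runs as and by root (or the administrator on Windows)." The rest of the change (splitting the paragraph, "flame wars", dropping the doubled "a a") reads well and keeps the page's argument intact.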
@@ -20, +22 @@

   . Now, whenever you write {{{&resources;}}} in the text below, it will be replaced
by the content of the file "resources.txt". The file path is relative to the conf directory.
   * Write your own datasource implementation which wraps your datasource and obscure your
brains out ([[http://en.wikipedia.org/wiki/XOR_cipher|XOR]] and [[http://en.wikipedia.org/wiki/ROT13|ROT13]]
are great candidates for this since their strength matches the protection you'll actually
get). See the docs on how to do this.
   * Write your own {{{javax.naming.spi.ObjectFactory}}} implementation that creates and configures
your datasource.
-  * (Tomcat 7) Write your own {{{org.apache.tomcat.util.IntrospectionUtils.PropertySource}}}
implementation to 'decrypt' passwords that are 'encrypted' in catalina.properties and referenced
via ${...} in server.xml. You'll need to set the system property {{{org.apache.tomcat.util.digester.PROPERTY_SOURCE}}}
to point to your !PropertySource implementation. 
+  * (Tomcat 7) Write your own {{{org.apache.tomcat.util.IntrospectionUtils.PropertySource}}}
implementation to 'decrypt' passwords that are 'encrypted' in catalina.properties and referenced
via ${...} in server.xml. You will need to set the system property {{{org.apache.tomcat.util.digester.PROPERTY_SOURCE}}}
to point to your !PropertySource implementation. 
  
  ----
  [[CategoryFAQ]]
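Review bot: the new PropertySource bullet still does not connect back to the page's own thesis. The first section argues that whatever decodes the password has to be readable by the Tomcat process, so the mechanism only obscures; the XOR/ROT13 bullet says that explicitly, but the Tomcat 7 bullet reads as if 'decrypt' delivered real protection. Suggest adding one clause such as "note that the key or algorithm your PropertySource uses must itself be readable by Tomcat, so this obscures rather than protects". Minor: the trailing space after "implementation. " on the new line is carried over from the old one and could be dropped.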
