tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johannes Fiala" <tom...@fwd.at>
Subject Making manager app more secure (MD5 + signatures)
Date Thu, 01 May 2003 18:26:49 GMT
Hi there,

I think the manager app is currently quite insecure. 

===============================
Ideas
===============================
Making it more secure could cover the following aspects:
*) Checksums
- Adding an MD5 hash to the HTTP PUT request currently done by the manager 
task.
- Verifying the MD5 hash at ManagerServlet.java before deploying to 
Tomcat.

*) Authenticity of the client
The user/password system is not especially secure.

- The MD5 hash could be signed using a client certificate.
- At the server side, the signature could be compared to a trusted client 
certificate list (or the trusted CA list used by Tomcat?)
If the client's signature is to be trusted, the application gets deployed.

Thus only trusted WAR files could be deployed and their consistency would 
be guaranteed.

===============================
Implementations
===============================
*) Does anybody know an apache project which does MD5 computation.
I know there's an implementation available of Sun, but maybe better 
implementations are available as well?
MessageDigest md5 = MessageDigest.getInstance("MD5","SUN");

*) Should we use BouncyCastle to sign and verify the signature at the 
client/server side?
Or would standard Java sun classes of JSSE suffice?

Has anybody else additional ideas on this topic?

Johannes
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message