tomcat-users mailing list archives

From: "Nathan McMinn" <upda...@soft-trac.com>
Subject: Re: Tomcat security?
Date: Thu, 03 Jul 2003 19:23:22 GMT

What do you mean "stored in the clear"?  Are you referring to
tomcat-users.xml?  Personally, I use a MySQL database to hold auth
information for a JDBC Realm, and store them digested.  As an additional
layer of security, the user account that is used to access the DB for the
realm is only granted read access and only to the required user and roles
tables.

----- Original Message -----
From: "Mark W. Webb" <mark@dolphtech.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Thursday, July 03, 2003 1:55 PM
Subject: Re: Tomcat security?


> I can't believe that passwords for SSL are stored in the clear.  That
> places all responsibility for security on the OS, which may not be a good
> idea.  What happened to defense-in-depth?
>
> Nathan McMinn wrote:
>
> >When was the last time Tomcat had a published exploit?
> >
> >On a related note, these kinds of "contests" are fairly common, and
> >usually don't produce any kind of real activity.
> >
> >--Nathan
> >
> >----- Original Message -----
> >From: "Eugene Lee" <list-tomcat-user@fsck.net>
> >To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> >Sent: Thursday, July 03, 2003 10:51 AM
> >Subject: Tomcat security?
> >
> >
> >
> >
> >>Anyone want to discuss hardening Tomcat servers?
> >>
> >>Hacking Contest Threatens Web Sites
> >>
> >>By George V. Hulme, InformationWeek
> >>Updated Wednesday, July 2, 2003, 3:00 PM EDT
> >>
> >>A hacking contest slated for this weekend could produce a rash
> >>of Web-site defacements worldwide, according to a warning issued
> >>Wednesday by security companies and government Internet security
> >>groups.  The hacker defacement contest is expected to kick off
> >>on Sunday. The contest supposedly will award free hosting
> >>services, Web mail, unlimited E-mail forwarding, and a domain
> >>name of choice for the triumphant hackers, according to a Web
> >>site promoting the contest.
> >>
> >>...
> >>
> >>More details at:
> >>
> >>http://www.internetweek.com/story/showArticle.jhtml?articleID=10818014
> >>
> >>
> >>--
> >>Eugene Lee
> >>http://www.coxar.pwp.blueyonder.co.uk/
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
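
The setup described in the reply at the top of this message (digested credentials for a JDBC Realm, read through a database account that has read-only access to just the user and roles tables), as an added MySQL example that is not from the thread. The database, table, column and account names and the sample password are assumptions, and the statements use current MySQL syntax.

```sql
-- Added example, not from the thread. All names and values are constructed.
CREATE DATABASE IF NOT EXISTS authdb;

-- Column names follow the layout used in the Tomcat realm documentation.
CREATE TABLE authdb.users (
  user_name VARCHAR(64) NOT NULL PRIMARY KEY,
  user_pass CHAR(40)    NOT NULL   -- hex-encoded SHA-1 digest, never the cleartext
);
CREATE TABLE authdb.user_roles (
  user_name VARCHAR(64) NOT NULL,
  role_name VARCHAR(64) NOT NULL,
  PRIMARY KEY (user_name, role_name)
);

-- Store the digest only. SHA1() returns 40 lowercase hex characters, the
-- form a realm configured with digest="SHA" compares against.
-- Computing it in SQL sends the cleartext to the server once; compute it
-- client-side if statement logging is enabled.
INSERT INTO authdb.users
  VALUES ('alice', SHA1('constructed-sample-password'));
INSERT INTO authdb.user_roles
  VALUES ('alice', 'manager');

-- Dedicated account for the realm: local connections only, no global
-- privileges, SELECT on the two tables the realm reads and nothing else.
CREATE USER 'tomcat_realm'@'localhost'
  IDENTIFIED BY 'replace-with-a-generated-secret';
GRANT SELECT ON authdb.users      TO 'tomcat_realm'@'localhost';
GRANT SELECT ON authdb.user_roles TO 'tomcat_realm'@'localhost';

-- Audit step: any grant listed here beyond USAGE and the two SELECTs
-- is excess privilege for this account.
SHOW GRANTS FOR 'tomcat_realm'@'localhost';

-- Matching realm attributes in server.xml (connection attributes omitted):
--   className="org.apache.catalina.realm.JDBCRealm" digest="SHA"
--   connectionName="tomcat_realm"
--   userTable="users" userNameCol="user_name" userCredCol="user_pass"
--   userRoleTable="user_roles" roleNameCol="role_name"

-- A bare unsalted digest was the option available in 2003; it resists
-- casual disclosure of the table, not offline guessing.
```

With these grants, a compromise of the realm's database credentials exposes the digests and role mappings for reading but does not allow adding users or changing roles.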

