tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: How to hide the keystorePass at the server.xml
Date Fri, 02 Jun 2006 09:20:19 GMT
TC 3.3.x had an optional module to do this.  It never got ported.

I generally agree with most of the people that say that this is the least of 
your problems.  If you are usings a self-signed cert, then you are just 
getting what you deserve.  Otherwise, you simply contact the CA and revoke 
the cert:  At least this problem solved :).  Now, how to deal with the fact 
that the hacker just uploaded 10,000 credit-card numbers, since my jdbc 
password was in the clear :).

"Dickson Lam (dilam)" <dilam@cisco.com> wrote in message 
news:C99477645D09FA43ADF9A3B8874E7E7701DA7170@xmb-sjc-21c.amer.cisco.com...
Hi,



I am using Tomcat 5.5.16 window version. When I configure Tomcat to use
SSL, I need to put the "keystorePass" password on the Tomcat server.xml
file which is in plain text format.



Is it anyway I can hide the keystore password from the server.xml? or
configure Tomcat to read in an encrypted "keystorePass" password and
decrypted the password during startup?



Regards

Dickson





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message