tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: How to hide the keystorePass at the server.xml
Date Fri, 02 Jun 2006 09:20:19 GMT
TC 3.3.x had an optional module to do this.  It never got ported.

I generally agree with most of the people that say that this is the least of 
your problems.  If you are usings a self-signed cert, then you are just 
getting what you deserve.  Otherwise, you simply contact the CA and revoke 
the cert:  At least this problem solved :).  Now, how to deal with the fact 
that the hacker just uploaded 10,000 credit-card numbers, since my jdbc 
password was in the clear :).

"Dickson Lam (dilam)" <> wrote in message

I am using Tomcat 5.5.16 window version. When I configure Tomcat to use
SSL, I need to put the "keystorePass" password on the Tomcat server.xml
file which is in plain text format.

Is it anyway I can hide the keystore password from the server.xml? or
configure Tomcat to read in an encrypted "keystorePass" password and
decrypted the password during startup?



To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message