tomcat-users mailing list archives

From David Wall
Subject Re: Encrypting passwords in the connection pool setup
Date Tue, 01 May 2007 16:55:00 GMT

All encryption systems need a way to boot themselves.  This either means 
you store the password somewhere so the program can self-boot itself, or 
you need user intervention, such as typing in the password (or inserting 
a dongle or other security hardware device).

Once the system has booted itself, then it can store things safely using 
encryption.  A hash value is simply a transformation of one string into 
another, so if the program that retrieves the password retrieves the 
real password or its hash, there is no added security, the hash has 
simply become the password (after all, you cannot go from the hash to 
the password value, at least not easily with a good hash, as that's its 
main reason for being).

Hashed passwords are very useful if you have others who will be entering 
the password in, since you can then store only hashes, and when you need 
to verify the password entered, you create a hash of the entered 
password and then compare it to the stored hashed value.

This isn't the case for applications that need to bootstrap themselves.  
You really either need to require manual intervention to start it (and 
enter the password), or it will be stored in the clear somewhere.


Martin Dubuc wrote:
> Chris,
> I am not sure I buy your argument that because there is somewhere else
> in an implementation that is as insecure as cleartext password, then
> there is no point in fixing the cleartext password issue. With this
> argument, we would never care about fixing any security holes, because
> one can always find a new security hole to exploit. Plus, well, the
> assumption that someone is using a password-less key with Apache
> running with SSL is pretty weak, because there are ways to avoid using
> password-less key.
> As far as the UNIX password analogy, tomcat may be seen as a user, not
> UNIX, but it still performs authentication. So in my mind, it is
> filling in for both roles (UNIX and user). I have the impression that
> using MD5/SHA hashing would be a good option, because it would be
> simple, would not require any additional key, would provide some sense
> of security. Not the silver lining, but better than cleartext, for
> sure.
> Martin
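
Added example (not part of the original message and not Tomcat code): a Python sketch of the distinction drawn in the reply above, between a verifier that stores only hashes of passwords other people enter and a program that must present a credential when it starts unattended. `ToyDatabase`, `HashAcceptingDatabase` and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def make_record(password):
    """Verifier side: keep a salt and a slow hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(entered, record):
    """Hash what was entered and compare it with the stored hash."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


class ToyDatabase:
    """Constructed stand-in for a server that expects the real password."""
    def __init__(self, password):
        self.record = make_record(password)

    def login(self, presented):
        return verify(presented, self.record)


class HashAcceptingDatabase:
    """Constructed variant that accepts the hash itself as the credential."""
    def __init__(self, password):
        self.expected = hashlib.sha256(password.encode()).hexdigest()

    def login(self, presented_hash):
        return hmac.compare_digest(presented_hash, self.expected)


def demo():
    real = "s3cret-db-pass"  # constructed sample value
    # What a "hashed" connection-pool config file would contain:
    config_hash = hashlib.sha256(real.encode()).hexdigest()
    return {
        # A person typing the password: storing only a hash works.
        "typed_password_accepted": ToyDatabase(real).login(real),
        # An unattended program holding only the hash cannot recover the
        # password, so it cannot log in to a server that expects it.
        "hash_from_config_accepted": ToyDatabase(real).login(config_hash),
        # If the server accepts the hash instead, whoever can read the
        # config file holds a working credential: the hash is the password.
        "hash_is_the_credential": HashAcceptingDatabase(real).login(config_hash),
    }


if __name__ == "__main__":
    print(demo())
```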
