From Christopher Schultz
Subject Re: Encrypting passwords in the connection pool setup
Date Tue, 01 May 2007 17:20:45 GMT
Martin Dubuc wrote:
> I am not sure I buy your argument that because there is somewhere
> else in an implementation that is as insecure as cleartext password,
> then there is no point in fixing the cleartext password issue. With
> this argument, we would never care about fixing any security holes,
> because one can always find a new security hole to exploit.

Of course I could never say that security measures are never useful.
What I'm saying is that /this/ one isn't (useful).

Writing your password on your monitor is a bad idea. Writing it on a
sheet of paper in your desk is slightly better, but remembering it is
the best solution. I'm asking you to consider looking for the best
solution instead of the deployment equivalent of putting your password
in your desk drawer.

> Plus, well, the assumption that someone is using a password-less key
> with Apache running with SSL is pretty weak, because there are ways
> to avoid using a password-less key.

Right. You can either enter the password on startup (a maintenance
headache) or you can put the key somewhere (plaintext, I might add).

> As far as the UNIX password analogy, tomcat may be seen as a user,
> not UNIX, but it still performs authentication.

No, it doesn't. Tomcat is a user of the database. It is never performing
database authentication. Tomcat may be performing /user/ authentication,
but that's unrelated.

> I have the impression that using MD5/SHA hashing would be a good
> option, because it would be simple, would not require any additional
> key, would provide some sense of security.

Note that hashing the password is the same as using a plaintext
password. I'll leave the reason for this as an exercise for the reader.

My belief is that this gives the illusion of security. Bruce Schneier
calls this "security theater" because you are essentially making a
symbolic yet meaningless gesture towards security.

Please don't hear me saying that what you are proposing is a bad idea,
or that security isn't worth it. I'm merely suggesting that there are
better ideas than the one you are proposing.

-chris
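
Added example, not part of the original message: one way to see the point about hashing a connection-pool password, modelled with a toy database. `ToyDatabase` and `pool_connect` are hypothetical stand-ins, not Tomcat or JDBC APIs, and the password is a constructed sample value.

```python
import hashlib
import hmac

# Constructed sample value for illustration only.
REAL_PASSWORD = "s3cret-db-pass"


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


class ToyDatabase:
    """Hypothetical database account check; stands in for a real DB server."""

    def __init__(self, password: str, accepts_hash: bool):
        self._password = password
        self._accepts_hash = accepts_hash

    def login(self, credential: str) -> bool:
        # Either the server wants the real password, or it wants the hash.
        expected = sha256_hex(self._password) if self._accepts_hash else self._password
        return hmac.compare_digest(credential.encode(), expected.encode())


def pool_connect(db: ToyDatabase, configured_value: str) -> bool:
    """The pool can only send what is in its config file; it cannot undo a hash."""
    return db.login(configured_value)


def run_cases() -> dict:
    stored_hash = sha256_hex(REAL_PASSWORD)  # what would sit in the config file
    normal_db = ToyDatabase(REAL_PASSWORD, accepts_hash=False)
    hash_db = ToyDatabase(REAL_PASSWORD, accepts_hash=True)
    return {
        # Case 1: database wants the real password; the pool cannot log in at all.
        "pool_with_hash_vs_normal_db": pool_connect(normal_db, stored_hash),
        # Case 2: database accepts the hash, so the pool works...
        "pool_with_hash_vs_hash_db": pool_connect(hash_db, stored_hash),
        # ...and so does anyone who copied the same string out of the config.
        "config_reader_vs_hash_db": hash_db.login(stored_hash),
        # Baseline: plaintext in the config against a normal database.
        "pool_with_plaintext_vs_normal_db": pool_connect(normal_db, REAL_PASSWORD),
    }


if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: {'login ok' if ok else 'login refused'}")
```

In both designs the string stored in the config file is either unusable by the pool or is itself the credential, so reading the file yields the same access as reading a plaintext password.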
