tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: Password Input on Tomcat Startup
Date Fri, 08 Feb 2008 20:27:02 GMT

---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
Making the Java dream come true.
---------------------------------------------------------------------------
----- Original Message ----- 
From: "Jan Mönnich" <moennich@dfn-cert.de>
To: <users@tomcat.apache.org>
Sent: Friday, February 08, 2008 12:30 PM
Subject: Password Input on Tomcat Startup


Hi folks,

we have a very sensitive webapp that requires the input of a password
when the tomcat server starts. We don't want to store this password
in a file. One way we've already tested could be the use of a JDialog
with a JPasswordField that is shown in the init() method of a servlet
(<load-on-startup>1). Unfortunately this requires our server to run
X11... :-(

Is there any (hidden) way to input this password on the terminal
tomcat was started from?

============================
Ha ha... hey linux is supposed to be free ;)
Sounds like a licensing scheme... naughty naughty, ok you got to eat ;)

I natural way is as the other poster explained... a web page.
Poping UI out of a servelt even with X... no, its just ugly.

You have to hide the password on the machine...

One way is to... when they pay for the software...
is to give them a license key which is a hash of the password and say the IP 
address,  thus it doesnt work on other machines.
Then you store your password inside the application... it hashes itself and 
the IP, if same, its on, if not, the browsers just give
a "pay me, people" message... ;)

Something like that...

Also look at the POJO application server above... you could have a central 
registry...
ie when servlet starts it calls into the PAS, it checks a user registry and 
either allows it to run or not...
Yes, tomcat is also an application server... probably the most powerful 
application server ever.... ha ha

Have fun...

============================

Thanks in advance for any idea!
Jan

-- 
Dipl.-Inf. (FH) Jan Mönnich, PKI Team
Phone: +49 40 808077-632, Fax: +49 40 808077-556, moennich@dfn-cert.de

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen"
am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message