From: Peter Crowther
To: 'Tomcat Users List'
Date: Fri, 8 Feb 2008 10:37:46 +0000
Subject: RE: Password Input on Tomcat Startup

> From: Jan Mönnich [mailto:moennich@dfn-cert.de]
> we have a very sensitive webapp that requires the input of a password
> when the tomcat server starts. We don't want to store this password
> in a file. One way we've already tested could be the use of a JDialog
> with a JPasswordField that is shown in the init() method of a servlet
> (1). Unfortunately this requires our server to run
> X11... :-(
>
> Is there any (hidden) way to input this password on the terminal
> tomcat was started from?

Assuming all communication is via HTTPS, an alternative goes roughly as follows:

- Pull any initialisation out of the servlet's init(), leaving just a boolean as to whether the password's been entered or not;
- Modify the servlet to serve a please-enter-the-password page at a particular URL;
- When the user enters the password, run any init code;
- Refuse to serve any other pages until the password has been entered.

This uses Tomcat's normal interface - HTTP - to your advantage, and probably maintains security to the level you need - you'll have to evaluate that. Depends how much control you have over the webapp, though.

                - Peter
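
The gate described in the reply above, as an added example that is not code from the thread or from Tomcat: a servlet that serves only the password page until it has been unlocked. The class name, the /unlock path, the /* mapping, the keystorePath init-param, the keystore load standing in for "any init code", and the javax.servlet API (Tomcat 9 and earlier) are all assumptions.

```java
import java.io.*;
import java.security.*;
import java.util.Arrays;
import javax.servlet.http.*;

// Added example. Assumptions: mapped to /*, javax.servlet API, and a
// "keystorePath" init-param naming the keystore that the password opens.
public class GatedServlet extends HttpServlet {
    // null until the password has been entered; init() is not overridden,
    // so nothing that needs the password runs at startup.
    private volatile KeyStore secrets;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setHeader("Cache-Control", "no-store");
        if (!req.isSecure()) {                        // the design assumes HTTPS only
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else if (secrets != null) {
            serveApplication(resp);
        } else if ("/unlock".equals(req.getPathInfo())) {
            resp.setContentType("text/html");
            resp.getWriter().println("<form method='post'>Startup password: "
                + "<input type='password' name='pw'><input type='submit'></form>");
        } else {                                      // locked: refuse every other page
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }

    @Override
    protected synchronized void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!req.isSecure() || secrets != null || !"/unlock".equals(req.getPathInfo())) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String pw = req.getParameter("pw");           // a String cannot be wiped; the copy below can
        char[] password = pw == null ? new char[0] : pw.toCharArray();
        try (InputStream in = new FileInputStream(getInitParameter("keystorePath"))) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password);                    // wrong password -> IOException
            secrets = ks;                             // deferred init succeeded: open the gate
        } catch (IOException | GeneralSecurityException e) {
            log("unlock attempt failed from " + req.getRemoteAddr());
        } finally {
            Arrays.fill(password, '\0');              // do not keep the password in memory
        }
        if (secrets != null) resp.sendRedirect(req.getContextPath() + "/");
        else resp.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    private void serveApplication(HttpServletResponse resp) throws IOException {
        resp.getWriter().println("application unlocked");  // placeholder for the real pages
    }
}
```

Failed attempts are only logged here; the sketch does not throttle them, so guessing against the unlock URL is limited only by whatever sits in front of the servlet.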