tomcat-users mailing list archives

From Vijay <amirisetty.vijayaragha...@gmail.com>
Subject Re: clear text keystore password in server.xml
Date Fri, 27 Aug 2010 12:19:31 GMT
Hi Mark,

I guess I am getting the point you are trying to make. As long as the
password (or the encrypted password and the secret key) are present at some
location (file system / database / etc.), there is a security gap. I agree
with this.

This said, I am trying to find a way to get Tomcat to work with an encrypted
password [given the fact there is no way anyone can get to the secret key
for decrypting the password].

Thanks!
Vijay

On Fri, Aug 27, 2010 at 4:07 PM, Mark Thomas <markt@apache.org> wrote:

> On 27/08/2010 11:26, Vijay wrote:
> > For prototyping purposes, I am embedding the secret key in the program
> > itself.
> > If the solution works out, having it in a secure database is an option I am
> > considering..
>
> And how do you propose to provide the password Tomcat uses to access
> this secure database?
>
> Mark
>
> > On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas <markt@apache.org> wrote:
> >
> >> On 27/08/2010 10:41, Vijay wrote:
> >>> I am looking to write a wrapper class that decrypts the password passed as
> >>> an environment variable to tomcat, and then sets the system property
> >>> javax.net.ssl.keyStorePassword inside the JVM itself.
> >>
> >> And how do you propose to provide the secret key required to perform the
> >> decryption?
> >>
> >> Mark
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
>
>
>
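
The wrapper described in the quoted 10:41 message, sketched as an added example (not code from this thread or from Tomcat), to show where the secret key question Mark raises lands in practice. The environment variable names, the key file, and the AES-GCM blob layout are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class KeystorePasswordWrapper {
    // Assumed blob layout: base64( 12-byte IV || AES-GCM ciphertext with 128-bit tag ).
    static String encrypt(byte[] key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(byte[] key, String blob) throws Exception {
        byte[] raw = Base64.getDecoder().decode(blob);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, raw, 0, 12));
        return new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String blob = System.getenv("KEYSTORE_PASS_ENC");    // hypothetical variable name
        String keyFile = System.getenv("KEYSTORE_KEY_FILE"); // hypothetical variable name
        byte[] key;
        if (blob == null || keyFile == null) {
            // Constructed demo input so the class runs stand-alone.
            key = new byte[16];
            new SecureRandom().nextBytes(key);
            blob = encrypt(key, "changeit-demo");
        } else {
            // The key (16, 24 or 32 raw bytes) must be readable by the account that
            // starts the JVM, so that account can always recover the password.
            key = Files.readAllBytes(Paths.get(keyFile));
        }
        System.setProperty("javax.net.ssl.keyStorePassword", decrypt(key, blob));
        // The plaintext now lives in JVM memory: any code that can read system
        // properties, or anyone who can take a heap dump, can see it.
        System.out.println("keyStorePassword set: "
                + (System.getProperty("javax.net.ssl.keyStorePassword") != null));
    }
}
```

The encrypted blob keeps the password out of server.xml and casual directory listings, but the protection reduces to the file permissions on the key file, which is the same control that could have protected a clear-text password directly.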
