tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: clear text keystore password in server.xml
Date Thu, 02 Sep 2010 15:51:37 GMT
On 02/09/2010 16:37, David kerber wrote:
> On 9/2/2010 11:28 AM, Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Luca,
>>
>> On 8/30/2010 2:42 AM, Luca Gervasi wrote:
>>> I'm working to secure this, but... it's not too easy (and I'm surely not
>>> a skilled programmer...).
>>>
>>> But I hope this topic will be kept up!
>>
>> There is virtually nothing you can do about this. The only solutions
>> here are:
>>
>> 1. Use a password entered on the console during start-up (the "Apache
>>     httpd strategy")

java.io.Console makes this easy in Java 6, but...

> Or a minor variant of this, such as entering the pwd on a secure web
> page just after startup, though this has other disadvantages.
> 
> 
>> 2. Remove the password from the keystore
>>
>> Removing the password from the keystore is just about as (in)secure as
>> having the password in server.xml in plain-text.
>>
>> All other strategies simply move the problem to some other component.
>> Protecting one password requires another password which requires
>> protecting which ... you get the idea.

...lots of info is available by JMX, once the server is up.  In Java 6
you can attach to the process locally, without having to configure the
JMX ports because it injects the management agent into the virtual machine.

Worse, if they're already on your server they've probably got a much
bigger surface area to attack, than just Tomcat.  And if they get root,
it's all over.


p
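Strategy 1 above (the "Apache httpd strategy" via java.io.Console), as an added example that is not code from this thread or from Tomcat itself; the keystore path and type are placeholders, and the class and method names are mine:

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;

// Added example: load a keystore with a password typed on the console at
// start-up instead of a clear-text password in server.xml. Java 6 style
// (no try-with-resources), since that is the release the thread discusses.
public class ConsoleKeystoreLoader {

    // Placeholders: a real deployment takes these from its own configuration.
    private static final String KEYSTORE_PATH = "/path/to/keystore.jks";
    private static final String KEYSTORE_TYPE = "JKS";

    public static KeyStore load(String path, String type) throws Exception {
        Console console = System.console();
        if (console == null) {
            // No attached terminal (init script, redirected stdin): refuse
            // rather than silently fall back to a password stored on disk.
            throw new IllegalStateException(
                "no console available; cannot prompt for keystore password");
        }
        // readPassword() turns off echo and returns a char[], which can be
        // wiped after use; a String would linger on the heap until GC.
        char[] password = console.readPassword("Keystore password for %s: ", path);
        if (password == null || password.length == 0) {
            throw new IllegalStateException("empty keystore password");
        }
        InputStream in = null;
        try {
            in = new FileInputStream(path);
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);   // wrong password -> IOException
            return ks;
        } finally {
            Arrays.fill(password, '\0');   // zero the password as soon as it is used
            if (in != null) {
                in.close();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = load(KEYSTORE_PATH, KEYSTORE_TYPE);
        System.out.println("loaded keystore with " + ks.size() + " entries");
    }
}
```

The password is wiped once the keystore is loaded, but the private keys it protects stay in process memory, which is the residual exposure the reply above is getting at.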

