tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: running tomcat6 under a different user than root (debian)
Date Fri, 29 Oct 2010 13:49:46 GMT
On 29/10/2010 14:42, Rainer Frey wrote:
> On Friday 29 October 2010 15:34:29 Mark Thomas wrote:
>> If Tomcat has access to a database and the attacker has access to a
>> shell prompt (or similar) with the same privileges as Tomcat then the
>> attacker has access to the database and there is absolutely nothing you
>> can do to prevent that.
> 
> In theory, there is a way Tomcat could implement. You could interactively ask 
> for all needed passwords when starting Tomcat and keep them only in memory. 
> httpd does that by default for encrypted SSL primary keys. But in practice the 
> userbase that would accept the inconvenience and the impossibility to 
> automatically start tomcat would be too small to spend time for that. And the 
> practical security gain is small.

Actually it is pretty much zero. If the password is in memory it will be
in a known location and an attacker will still be able to read it
(reflection, heap dump, etc). With httpd the barrier is a little higher
since it is likely to be harder to find the right bit of memory.

Agreed that the downtime issues far outweigh and security benefits.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message