tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Need to Specify keystorePass on Command Line
Date Tue, 12 Feb 2013 08:46:45 GMT
Harris, Jeffrey E. wrote:
> 
> All,
> 
> I understand that there is no good, secure solution.  However, my hands are tied on this
> matter, and I would appreciate if you would focus on providing technical assistance in implementing
> a solution within the constraints I have been given.
> 
Jeffrey,

We all understand that you have been given rules, and are supposed to follow them.
But if these rules themselves make no logical sense, nothing in this Universe is going to help you overcome that.

What is the concern really, about the password remaining somewhere on that server when the system is shut down?
Is it that the server, in its shut down state, could be surreptitiously broken apart, its disk stolen and then inspected by foreign spooks to discover that password, which could then be used to further nefarious ends, or what /exactly/?

What is wrong with the following scenario:
- a physical Windows server with a console and a keyboard
- boot Windows and login as a "tomcat" user (created beforehand)
- open a command window
- start Tomcat as an application (not a Service) in that command window
- tomcat will ask for the passphrase of the keystore. Type it in. (*)
- when Tomcat is running, enter CTRL-ALT-DEL and freeze the console (do not logout from Windows)
- walk away

(*) having made sure beforehand that there is no trojan on that machine which records your keystrokes and writes them to the disk
