tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harris, Jeffrey E." <Jeffrey.Har...@ManTech.com>
Subject RE: Need to Specify keystorePass on Command Line
Date Fri, 08 Feb 2013 22:03:14 GMT


> -----Original Message-----
> From: Pid [mailto:pid@pidster.com]
> Sent: Friday, February 08, 2013 4:48 PM
> To: Tomcat Users List
> Subject: Re: Need to Specify keystorePass on Command Line
>
> On 08/02/2013 16:11, Caldarale, Charles R wrote:
> >> From: Harris, Jeffrey E. [mailto:Jeffrey.Harris@ManTech.com]
> >> Subject: RE: Need to Specify keystorePass on Command Line
> >
> >> First, I cannot store the password ANYWHERE on the system, which is
> >> why it needs to be entered on the command line.
> >
> > Then you can't run Tomcat as a service - there is no command line.
> It's my understanding that all parameters for a service must be
> available in the registry or elsewhere in the file system prior to
> starting the service.
> >
> > Consider running Tomcat from the .bat scripts instead, in which case
> you can pass arbitrary parameters, but you will need to do this from a
> logged-in account.
>
> But bear in mind that setting the password as -Dblah=password may still
> expose the password to other processes able to read the startup
> parameters of that process.
>
> Which IMHO is less secure than putting the password in a file with
> permissions such that only the Tomcat user can read it...
>
>
> p
>
> >  - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender and
> delete the e-mail and its attachments from all computers.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
>
>
> --
>
> [key:62590808]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

For our implementation, it does not matter whether another process can read the startup parameters
- as long as the password is not stored in a file and disappears when the Tomcat's host server
is shutdown.

This e-mail and any attachments are intended only for the use of the addressee(s) named herein
and may contain proprietary information. If you are not the intended recipient of this e-mail
or believe that you received this email in error, please take immediate action to notify the
sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments
from your computer; and do not disseminate, distribute, use, or copy this message and any
attachments.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message