Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CD631E668 for ; Fri, 8 Feb 2013 22:03:46 +0000 (UTC) Received: (qmail 86615 invoked by uid 500); 8 Feb 2013 22:03:43 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 86561 invoked by uid 500); 8 Feb 2013 22:03:43 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 86547 invoked by uid 99); 8 Feb 2013 22:03:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Feb 2013 22:03:43 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [206.136.167.22] (HELO micmail1.mantech.com) (206.136.167.22) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Feb 2013 22:03:36 +0000 X-SENDER-IP: 10.6.161.29 X-SENDER-REPUTATION: None X-Attachment-Filenames: X-IronPort-AV: E=Sophos;i="4.84,632,1355115600"; d="scan'208";a="82749614" Received: from chnmichts02.mantech.com ([10.6.161.29]) by micmail1.mantech.com with ESMTP/TLS/AES128-SHA; 08 Feb 2013 17:03:15 -0500 Received: from CHNMICCAS01-1.ManTech.com (10.6.161.31) by CHNMICHTS02.ManTech.com (10.6.161.29) with Microsoft SMTP Server (TLS) id 8.3.279.5; Fri, 8 Feb 2013 17:03:15 -0500 Received: from CHNMICMBX02.ManTech.com ([fe80::7d5f:e09e:e40e:8c75]) by CHNMICCAS01-1.ManTech.com ([::1]) with mapi; Fri, 8 Feb 2013 17:03:15 -0500 From: "Harris, Jeffrey E." To: Tomcat Users List Date: Fri, 8 Feb 2013 17:03:14 -0500 Subject: RE: Need to Specify keystorePass on Command Line Thread-Topic: Need to Specify keystorePass on Command Line Thread-Index: Ac4GRf7ojCatYGgwSVWOY/TVOF/S9gAAc3KA Message-ID: References: <99C8B2929B39C24493377AC7A121E21FC49E7678FB@USEA-EXCH8.na.uis.unisys.com> <99C8B2929B39C24493377AC7A121E21FC49E767C7C@USEA-EXCH8.na.uis.unisys.com> <51157279.4000509@pidster.com> In-Reply-To: <51157279.4000509@pidster.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org > -----Original Message----- > From: Pid [mailto:pid@pidster.com] > Sent: Friday, February 08, 2013 4:48 PM > To: Tomcat Users List > Subject: Re: Need to Specify keystorePass on Command Line > > On 08/02/2013 16:11, Caldarale, Charles R wrote: > >> From: Harris, Jeffrey E. [mailto:Jeffrey.Harris@ManTech.com] > >> Subject: RE: Need to Specify keystorePass on Command Line > > > >> First, I cannot store the password ANYWHERE on the system, which is > >> why it needs to be entered on the command line. > > > > Then you can't run Tomcat as a service - there is no command line. > It's my understanding that all parameters for a service must be > available in the registry or elsewhere in the file system prior to > starting the service. > > > > Consider running Tomcat from the .bat scripts instead, in which case > you can pass arbitrary parameters, but you will need to do this from a > logged-in account. > > But bear in mind that setting the password as -Dblah=3Dpassword may still > expose the password to other processes able to read the startup > parameters of that process. > > Which IMHO is less secure than putting the password in a file with > permissions such that only the Tomcat user can read it... > > > p > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender and > delete the e-mail and its attachments from all computers. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > > For additional commands, e-mail: users-help@tomcat.apache.org > > > > > -- > > [key:62590808] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org For our implementation, it does not matter whether another process can read= the startup parameters - as long as the password is not stored in a file a= nd disappears when the Tomcat's host server is shutdown. This e-mail and any attachments are intended only for the use of the addres= see(s) named herein and may contain proprietary information. If you are not= the intended recipient of this e-mail or believe that you received this em= ail in error, please take immediate action to notify the sender of the appa= rent error by reply e-mail; permanently delete the e-mail and any attachmen= ts from your computer; and do not disseminate, distribute, use, or copy thi= s message and any attachments. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org