tomcat-users mailing list archives

From Daniel Mikusa <>
Subject Re: Number of logs files and encrypt manager passwd
Date Mon, 15 Jul 2013 15:53:21 GMT
On Jul 15, 2013, at 11:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646 <>

> Dan:

Please don't top post.  Reply inline or after to preserve the flow of the conversation.

> 1. 7.0.14

This is really old.  The security risks from running such an old version are undoubtedly greater
than having your manager passwords in plain text in a file that is appropriately secured with
OS level permissions.

> 2. attachment.

In the future, please inline your config info.  It's easier and quicker to read that way.
Plus, the list will sometimes strip off attachments.

> 3. I found these steps online. I am using SHA-1 or SHA-256, trying to.

Most of the realms support the "digest" attribute that you mentioned, but I don't see it listed
for the one that you are using.

You could try using the MemoryRealm instead.  It's very similar to UserDatabaseRealm, but
it lists support for the "digest" attribute.

As a side note, I wouldn't suggest using either of these realms in production.  For production
deployments, you'd be better off using the JDBC or LDAP backed realms.


> THX.
> -----Original Message-----
> From: Daniel Mikusa [] 
> Sent: Monday, July 15, 2013 9:31 AM
> To: Tomcat Users List
> Subject: Re: Number of logs files and encrypt manager passwd
> On Jul 15, 2013, at 10:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646
> <> wrote:
>> To all: 
>>  I am looking for the file in which to set the number of logs to keep.  
> You can configure logging in "conf/", however the default
> configuration does not offer a way to do what you are asking.  It simply
> creates a new log file every day.  You would need to manually clean them up
> with a cron job or scheduled task.
> Alternatively, you could enable Log4j which automatically cleans up old
> files.
>> Also I tried to encrypt the manager password to the manager web page. I
> did the steps with the realm and users file, but when I went to access the
> page it would not work. When I put the unencrypted passwd back it works.
> You're going to need to provide more information here.  Start by including
> this.
> 1.) What version of Tomcat are you running?  Include the whole number, 6.0.x
> or 7.0.x.
> 2.) How do you have your realm and users configured?  Please include the
> XML configuration, minus comments and any sensitive information.
> 3.) Are you trying to use encryption or hashing?
> Dan
> <non-plaintext passwords.docx><server xml.ORIGINAL>
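
A check related to the "digest" configuration discussed in this message, as an added example that is not part of the original email or of Tomcat itself: it builds the hex digest a realm configured with digest="SHA-256" would compare against and audits a users file for entries that are not digests. The stored format (unsalted, hex-encoded), the function names, and the sample file are assumptions.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Assumption: with digest="SHA-256" on the realm, Tomcat 7 expects the
# password attribute to hold an unsalted, hex-encoded digest of the password.
ALGORITHMS = {"SHA-1": "sha1", "SHA-256": "sha256"}


def tomcat_digest(password, algorithm="SHA-256", encoding="utf-8"):
    """Return the hex digest to store in the password attribute."""
    h = hashlib.new(ALGORITHMS[algorithm])
    h.update(password.encode(encoding))
    return h.hexdigest()


def audit_users(xml_text, algorithm="SHA-256"):
    """Return usernames whose stored password is not a hex digest of the
    length expected for `algorithm`: entries still in plain text, or hashed
    with a different algorithm than the realm is configured for."""
    hex_len = hashlib.new(ALGORITHMS[algorithm]).digest_size * 2
    pattern = re.compile(r"[0-9a-fA-F]{%d}" % hex_len)
    flagged = []
    for user in ET.fromstring(xml_text).iter("user"):
        if not pattern.fullmatch(user.get("password", "")):
            flagged.append(user.get("username"))
    return flagged


# Constructed sample tomcat-users.xml: one SHA-256 entry, one plain-text
# entry, and one SHA-1 entry left over from an earlier configuration.
SAMPLE_USERS = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="{sha256}" roles="manager-gui"/>
  <user username="deploy" password="{plain}" roles="manager-gui"/>
  <user username="legacy" password="{sha1}" roles="manager-gui"/>
</tomcat-users>""".format(
    sha256=tomcat_digest("example-Passw0rd"),
    plain="example-Passw0rd",
    sha1=tomcat_digest("example-Passw0rd", "SHA-1"),
)

if __name__ == "__main__":
    print(SAMPLE_USERS)
    print("not SHA-256 digests:", audit_users(SAMPLE_USERS))
```

A mismatch between the realm's digest algorithm and the stored value produces the symptom described in the thread: login fails until the plain-text password is restored.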
