tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Second Instance of Tomcat
Date Thu, 07 Nov 2013 21:40:03 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dan,

On 11/7/13, 2:43 PM, Daniel Mikusa wrote:
> On Nov 7, 2013, at 2:08 PM, Crystal Maramba
> <cmaramba@acumenllc.com> wrote:
> 
>> Thanks, Dan. That helps a lot.
> 
> Please don't top post.  Reply inline or at the bottom.
> 
>> 2) a. I was referring to importing another certificate to the
>> same .keystore that Instance1 is using.
> 
> A keystore file can contain multiple certificates.  You just need
> to specify which certificate to use and that is done by specifying
> the "keyAlias" attribute on your connector.
> 
>> 3) The tomcat-users.xml file is used to store the user and
>> password for the tomcat manager which is used to deploy .war
>> files.
> 
> Ignore what I previously wrote here.  You can store hashes of your
> password in tomcat-users.xml.  To do this, you need to add the
> "digest" attribute on your Realm.  For the default configuration
> that would look like this.

Note that Tomcat uses a bare cryptographic digest, and not anything
more industrial-strength such as a "password derivation" function like
bcrypt/scrypt/PBKDF2. As such, your tomcat-users.xml file will be
vulnerable to rainbow-attacks, etc. if stolen.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSfAizAAoJEBzwKT+lPKRYDIYP/A+b92pYcR9Z3wNCUiiJCa9J
4raZqaBsIgTnXDX+d5Q+PdMmcyX6bru5KYi2iz+GsXToQMKOJSzCAnZTUjiNpiAI
O3C/x5Rcw0jaICIFhAmX4WMlOio2vN7aiIgVv5HDHVgB3b3h4bjhNeDQF9rsSsN5
HOSOak3fpeBz9cp3hVAc7QGskwbsgfzDBIorj/QGecyZAWnXWt0+ZEaXuJjCLrow
LsQ2OnyElxxE3wpaPDXZfaf4lzN1Er0qX9ofiVmUEH7SQm2/iR3zQXGzNGYxyUQb
fVbH71euT96WG+ilV2UghVJLGMtKVv5fIjBaB0RAe8LslodmVZpNHl4Uw8i2/4X1
UPMLGfeYLuwNn2PGh/L/JC7y9B2jOACo8mrIMLRmSmqYeNydyZiWx3yg/xqu8ifv
a6hE69tqwWiq6Ukfit4/b3RgOBeh1N20QLd6R/IOTO0stgUH2y7ajXFzirqdOy8N
EknoSc1cuBqtvEq6tpn6MbeZUYexNKLD+V6QH3GOb9CMp8AbF8cRZpt6fkpdTXIX
wvLtW+PAfzSgq/De8ncmPOytekTsc5CHwzvolEhMc+2posw0OY875CJotHUnJgJ0
8nKE7TwlKRUZiJyC5W/eufERqY3KMS+imkh7zwmaOyK2Q8RH10zLpILLHplMDzzh
cu/oXnlGRqNTv0pmxvPo
=l2cb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message