>> Bordet, Simone wrote:
>> I have no objections to Juha's idea.
>> Just one question: if the keystore is protected, then somebody must
>> enter the password on each startup of JBoss. Am I right?
> Errr, mmmhhh, weeellll...
> Ehi, but *you* are the security guy !!
> ;-))
Okay, then I answer: yes, I am right :-)
For those who wouldn't like to enter the password on each startup, I can
propose the following security model:
1) Restrict access to the conf dir to the server administrator only.
2) Put your server machine in a room with a combination lock on
the door, and use the administrator's password as the combination.
;-)
Peace, love and security,
Oleg