RE: Keystore password in clear text

[Caldarale, Charles R]

 From: Shibu Vachery [mailto:[EMAIL PROTECTED] 
 Subject: Keystore password in clear text
 
 Is there a way in tomcat on (Windows / Unix) that we can 
 avoid the keystore password being set in clear text in the
 server.xml file?

If your system is so wide open that unauthorized users have access to
server.xml, then you have much bigger problems to worry about.  Secure
your file system.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Keystore password in clear text

[Shibu Vachery]

Hi,

Is there a way in tomcat on (Windows / Unix) that we can avoid the keystore
password being set in clear text in the server.xml file?

Is there a way that the JVM system parameter  
javax.net.ssl.keyStorePassword can be passed in to the tomcat server when
it starts up so that the password is not stored in the server.xml file?

I tried modifying catalina.bat to include this parameter but that did not do
much good. Am I missing something?

Any help will be much appreciated.

Thanks,
 Shibu.