On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, without having to configure the
JMX ports because it injects the
On 04/09/2010 11:05, Rainer Jung wrote:
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process locally, without having to
On 04/09/2010 12:41, Pid wrote:
On 04/09/2010 11:05, Rainer Jung wrote:
On 02.09.2010 18:55, Pid wrote:
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
..lots of info is available by JMX, once the server is up. In Java 6
you can attach to the process
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
On 8/30/2010 2:42 AM, Luca Gervasi wrote:
I'm working to secure this, but...it's not too easy (and i'm surely not
a skilled programmer...).
But I hope this topic will be kept up!
There is virtually nothing you can do about this. The only
On 9/2/2010 11:28 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
On 8/30/2010 2:42 AM, Luca Gervasi wrote:
I'm working to secure this, but...it's not too easy (and i'm surely not
a skilled programmer...).
But I hope this topic will be kept up!
There is
On 02/09/2010 16:37, David kerber wrote:
On 9/2/2010 11:28 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
On 8/30/2010 2:42 AM, Luca Gervasi wrote:
I'm working to secure this, but...it's not too easy (and i'm surely not
a skilled programmer...).
But I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
On 9/2/2010 11:28 AM, Christopher Schultz wrote:
1. Use a password entered on the console during start-up (the Apache
httpd strategy)
java.io.Console makes this easy in Java 6, but...
Right: before
-Original Message-
From: David kerber [mailto:dcker...@verizon.net]
Sent: Thursday, September 02, 2010 9:37 AM
To: Tomcat Users List
Subject: Re: clear text keystore password in server.xml
On 9/2/2010 11:28 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash
On 02/09/2010 17:31, Christopher Schultz wrote:
Pid,
On 9/2/2010 11:51 AM, Pid wrote:
On 9/2/2010 11:28 AM, Christopher Schultz wrote:
1. Use a password entered on the console during start-up (the Apache
httpd strategy)
java.io.Console makes this easy in Java 6, but...
Right:
On Fri, 2010-08-27 at 17:53 -0400, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vijay,
On 8/27/2010 5:41 AM, Vijay wrote:
I am looking for a way to use only encrypted passwords.
Cool. How are you going to do that?
I am looking to write a wrapper class
On 27/08/2010 10:41, Vijay wrote:
I am looking to write a wrapper class that decrypts the password passed as
an environment variable to tomcat, and then sets the system property
javax.net.ssl.keyStorePassword inside the JVM itself.
And how do you propose to provide the secret key required to
For prototyping purposes, I am embedding the secret key in the program
itself.
If the solution works out, having it in a secure database is an option I am
considering..
On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas ma...@apache.org wrote:
On 27/08/2010 10:41, Vijay wrote:
I am looking to write
On 27/08/2010 11:26, Vijay wrote:
For prototyping purposes, I am embedding the secret key in the program
itself.
If the solution works out, having it in a secure database is an option I am
considering..
And how do you propose to provide the password Tomcat uses to access
this secure database?
Hi Mark,
I guess I am getting the point you are trying to make .. As long
as the password or (the encrypted password and the secret key) are present
at some location (file system / database/ etc) .. there is a security gap ..
I agree with this ..
This said, I am trying to find a way
On 27/08/2010 13:19, Vijay wrote:
Hi Mark,
I guess I am getting the point you are trying to make .. As long
as the password or (the encrypted password and the secret key) are present
at some location (file system / database/ etc) .. there is a security gap ..
I agree with this ..
On Fri, Aug 27, 2010 at 2:36 PM, Mark Thomas ma...@apache.org wrote:
On 27/08/2010 13:19, Vijay wrote:
Hi Mark,
I guess I am getting the point you are trying to make .. As long
as the password or (the encrypted password and the secret key) are present
at some location (file system
On 8/27/2010 9:02 AM, Wesley Acheson wrote:
...
I've been giving this whole issue a lot of thought. And not just now
for months now. I was wondering if the following was possible in
theory, When tomcat is started up it prompts for the password?
Wouldn't that help with the whole smoke and
On 27/08/2010 14:02, Wesley Acheson wrote:
I've been giving this whole issue a lot of thought. And not just now
for months now. I was wondering if the following was possible in
theory, When tomcat is started up it prompts for the password?
Wouldn't that help with the whole smoke and mirrors
If you wanted to go down this path, besides the web page for entering
the password, you could add sending alerts to the cells of all your
sysadmins to improve the probability of the password being entered in
a timely manner. Perhaps Tomcats in clusters could obtain the
password from
are you using, and is this an option for you?
-Original Message-
From: Vijay [mailto:amirisetty.vijayaragha...@gmail.com]
Sent: Friday, August 27, 2010 7:20 AM
To: Tomcat Users List
Subject: Re: clear text keystore password in server.xml
Hi Mark,
I guess I am getting the point you
Ken Bowen wrote:
If you wanted to go down this path, besides the web page for entering
the password, you could add sending alerts to the cells of all your
sysadmins to improve the probability of the password being entered in a
timely manner. Perhaps Tomcats in clusters could obtain the
André Warnier a...@ice-sa.com wrote on 08/27/2010 12:32:43 PM:
Ken Bowen wrote:
If you wanted to go down this path, besides the web page for entering
the password, you could add sending alerts to the cells of all your
sysadmins to improve the probability of the password being entered in
a
On 8/27/2010 1:14 PM, djohn...@desknetinc.com wrote:
André Warniera...@ice-sa.com wrote on 08/27/2010 12:32:43 PM:
Ken Bowen wrote:
If you wanted to go down this path, besides the web page for entering
the password, you could add sending alerts to the cells of all your
sysadmins to improve
André Warnier a...@ice-sa.com wrote on 08/27/2010 12:32:43 PM:
And to complete the circle and make it all more user-friendly, I
would also add the password to the SMS being sent.
Just put it on Facebook...
To quote from some architecture specs: Meaningful programming has not been
achieved.
If the hacker has root privilages I'm pretty sure you have worse problems.
On Fri, Aug 27, 2010 at 7:14 PM, djohn...@desknetinc.com wrote:
André Warnier a...@ice-sa.com wrote on 08/27/2010 12:32:43 PM:
Ken Bowen wrote:
If you wanted to go down this path, besides the web page for entering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vijay,
On 8/27/2010 5:41 AM, Vijay wrote:
I am looking for a way to use only encrypted passwords.
Cool. How are you going to do that?
I am looking to write a wrapper class that decrypts the password passed as
an environment variable to tomcat,
26 matches
Mail list logo