Long answer is: "Tomcat is free software. You can make it do what you want. Simply patch it to your needs."
Antonio Fiol
Sonny Sukumar wrote:
Hmm ok. Is there any way to encrypt the passwords stored in server.xml on top of that? I'll take all the security I can get. :-)
--- Yiannis Mavroukakis <[EMAIL PROTECTED]>
wrote:
I will assume you mean protect the file from being---------------------------------------------------------------------
read. The
easiest way to do that is to assign read/write
permission to the file
to whoever user is running tomcat and remove all
permissions from group. That also assumes that you are running some flavour
of Unix, but you could achieve the same with Win32 security.
-----Original Message----- From: Sonny Sukumar [mailto:[EMAIL PROTECTED] Sent: 10 March 2004 01:40 To: [EMAIL PROTECTED] Subject: How to protect server.xml?
Hey guys,
I have both a keystore password and a database connection user name/password in cleartext in my server.xml file and I don't know how to get around that.
In light of this, has anybody come up with a way to protect server.xml? Is there a way to encrypt these passwords? Or perhaps to encrypt the whole server.xml file itself?
This has been weighing on my mind for a few months now, and I couldn't find a solution in the mailing list archives.
I'd appreciate any help!
Tomcat version: 4.1.27
__________________________________ Do you Yahoo!? Yahoo! Search - Find what you're looking for faster http://search.yahoo.com
________________________________________________________________________To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Note:__________________________________________________________________This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.
________________________________________________________________________This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.
This e-mail has been scanned for all viruses by Star
Internet. The
service is powered by MessageLabs.
__________________________________ Do you Yahoo!? Yahoo! Search - Find what you’re looking for faster http://search.yahoo.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature