Hi,

I'm about to set up a web application running Tomcat.
The application will handle simple user account information, etc.

Some data will need to be encrypted before storing it into a database.
I will use AES for encryption/decryption.

A "password" will be used as a phrase/key.


Now where can I store this key and still have "good" security?

I don't want to store it on disk. I'm thinking of having it only in memory.

I'm thinking of giving the password each time Tomcat is started.
How do you force Tomcat to ask for a password during startup?

How do you avoid memory swapping? And is there any risk that the password is
removed from memory even though Tomcat is running? How to avoid this?

Do you have better solutions?


Please advise,


Great thanks,
Chapoor
