On Fri, 2016-02-12 at 20:35 +0000, Dougherty, Gregory T., M.S. wrote:
> You are correct, I'm trying to authorize the web app, not the user.
>
> Goal: I am trying to come up with a way for a Tomcat app to securely store
> and retrieve the password it needs to access a DB.
>
> My definition of "secure" includes "there exist no files with an
> unencrypted copy of the password". IIUC, JNDI fails this test.
>
> My requirements include that all web app components are checked in to a
> source control system that malicious users can have read access to.
>
> Solution:
> 1: Trusted user creates public:private key pair (1), distributes public key
> 2: Web app developer creates public:private key pair (2), distributes
> public key
> 3: Web app developer encrypts password with private key 2, then public
> key 1, stores with web app
> 4: Web app calls decryption jar that's in tomcat/lib, passing in the
> encrypted password from step 3
> 5: Decryption code determines which app called it, pulls the public key
> (3) saved for that app
> 6: Decryption code decrypts with private key 1, public key 3, and returns
> the unencrypted password.
>
> So long as 1: Trusted user can store private key where it's secure, but
> accessible to decryption code

Since the webapps all run in the same tomcat and therefore under the same OS
user account, how do you ensure that *only* the decryption code can access the
private key? Otherwise, any webapp could decrypt any other webapp's password.

> , and 2: Can correctly determine the calling
> app, I believe this setup is secure.
>
> We log who uploads the web apps, so if user X uploads a bogus "User Y
> App", we can deal with that.
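
Steps 3 and 6 of the quoted scheme, written out as an added Java example that is not part of the original thread or of Tomcat. "Encrypting with private key 2" is modelled as an RSA signature. The class and method names, the constructed password, and the 4096-bit size for key pair 1 (chosen so the signature plus a short password fits in one OAEP block) are assumptions.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SealedPasswordDemo {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final int SIG_LEN = 256; // size of an RSA-2048 signature in bytes

    // Step 3: sign with the developer's private key (pair 2), then encrypt
    // signature || password to the trusted user's public key (pair 1).
    static byte[] seal(byte[] password, PrivateKey devPriv, PublicKey trustedPub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(devPriv);
        s.update(password);
        byte[] sig = s.sign();
        byte[] plain = Arrays.copyOf(sig, sig.length + password.length);
        System.arraycopy(password, 0, plain, sig.length, password.length);
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, trustedPub);
        return c.doFinal(plain);
    }

    // Step 6: decrypt with private key 1, then release the password only if the
    // signature verifies under the public key saved for the calling app.
    static byte[] open(byte[] sealed, PrivateKey trustedPriv, PublicKey savedDevPub) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.DECRYPT_MODE, trustedPriv);
        byte[] plain = c.doFinal(sealed);
        if (plain.length < SIG_LEN) throw new GeneralSecurityException("blob too short");
        byte[] password = Arrays.copyOfRange(plain, SIG_LEN, plain.length);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(savedDevPub);
        s.update(password);
        if (!s.verify(plain, 0, SIG_LEN)) throw new SignatureException("not sealed by this app's developer");
        return password;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(4096); KeyPair trusted = g.generateKeyPair(); // pair 1
        g.initialize(2048); KeyPair devY = g.generateKeyPair();    // pair 2, developer of app Y
        KeyPair devX = g.generateKeyPair();                        // developer of a different app
        byte[] pw = "constructed-db-password".getBytes(StandardCharsets.UTF_8); // constructed sample value
        byte[] sealed = seal(pw, devY.getPrivate(), trusted.getPublic());
        System.out.println(new String(open(sealed, trusted.getPrivate(), devY.getPublic()), StandardCharsets.UTF_8));
        try { open(sealed, trusted.getPrivate(), devX.getPublic()); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Nothing in this code limits who can load private key 1 or call `open`; in a shared Tomcat JVM that restriction has to come from outside the cryptography, which is the question the reply raises.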