Gregory,

On 2/12/16 4:49 PM, Dougherty, Gregory T., M.S. wrote:
> On 2/12/16, 3:29 PM, "Leo Donahue" <donahu...@gmail.com> wrote:
> 
> 
>> On Feb 12, 2016 3:19 PM, "Dougherty, Gregory T., M.S." < 
>> dougherty.greg...@mayo.edu> wrote:
>>> 
>>> On 2/12/16, 3:08 PM, "Leo Donahue" <donahu...@gmail.com>
>>> wrote:
>>> 
>>> 
>>>> On Feb 12, 2016 2:58 PM, "Dougherty, Gregory T., M.S." < 
>>>> dougherty.greg...@mayo.edu> wrote:
>>>>> 
>>>>> The web app needs a DB password so it can connect to the
>>>>> DB.
>>>> 
>>>> I disagree that the web app needs a password.
>>> The web app has to be able to read and write to the DB.  That
>>> takes a password.
>> 
>> No, javax.sql.DataSource needs a password.  Your web app just
>> needs a user name.
>> 
>> Your custom data source will fetch a password.
> How?
> 
> What, precisely, is the exact mechanism by which this custom
> DataSource will fetch the password?

(I think Leo's baiting you, here: he's trying to get you to admit that
this is a shell game where an encrypted password requires an encrypted
password requires an encrypted password, etc. all the way down.)

> And how is it that someone else, who has full access to all my
> source code, including to the source code of my custom DataSource,
> won't be able to retrieve the exact same password?
> 
> Requirement for "secure": There are no files sitting anywhere on
> the server that have a plain text copy of my password.

Is this because you don't trust your admins?

> Requirement for secure: The sys admin does not get to know my
> password. He's "trusted" in that we assume he won't abuse his
> private key in order to steal my password.  He's not "trusted" to
> know everyone's passwords.

Forget about "other people's passwords" for a moment: you don't trust
your admins to peek at the super-secret database password (which is
usually something like "pr0duct!on" LOL)?

If the admin wants the password, he (or she) is going to get it. Your
library needs the cleartext password at some point and at that point,
the admin effectively has it, too.

(I had a conversation with Sander Temme at ApacheCon over a few beers
while he tried to explain how one of Thales's hardware key escrow
systems was capable of doing this kind of thing. I had a hard time
understanding how it was possible. It could have been the beer.)

> Requirement from system: password must be updated every six months.
> So I have to be able to change the password, and inform my web app
> of the changed password.

Aah, yes. Password-rotation. That definitely keeps things secure. :(

>> A.  You don't get to manage your passwords.
>> 
>> B.  The suggestion I'm giving you requires coordination with sys
>> admins and DBAs.  It is more than just a simple app trying to find
>> a way to hide passwords, none of which will "ever" be in source
>> control.
>> 
>> Leo
> 
> A: I'm the only one who knows my password, I have to manage it.  I
> have to be able to use that password in contexts totally divorced
> from the web server.

This is your LDAP password? Are we still talking about
application-level passwords for your database? Or user-level passwords
for ... what, exactly?

> B: A solution that requires the sys admin to know, and update every
> six months, my passwords is not a viable solution.

If the admin won't update the password, who will?

-chris