On Fri, Feb 12, 2016 at 5:33 PM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gregory, > >>>>> > >>>>> The web app needs a DB password so it can connect to the > >>>>> DB. > >>>> > >>>> I disagree that the web app needs a password. > >>> The web app has to be able to read and write to the DB. That > >>> takes a password. > >> > >> No, javax.sql.DataSource needs a password. Your web app just > >> needs a user name. > >> > >> Your custom data source will fetch a password. > > How? > > > > What, precisely, is the exact mechanism by which this custom > > DataSource will fetch the password? > > (I think Leo's bating you, here: he's trying to get you to admit that > this is a shell game where an encrypted password requires an encrypted > password requires an encrypted password, etc. all the way down. > This thread is on fire! I am finding it hard to know where to reply. I am not baiting anyone, I will explain in a different reply. > > > And how is it that someone else, who has full access to all my > > source code, including to the source code of my custom DataSource, > > won¹t be able to retrieve the exact same password? > > > > Requirement for ³secure²: There are no files sitting anywhere on > > the server that have a plain text copy of my password. > > Is this because you don't trust your admins? > > > Requirement for secure: The sys admin does not get to know my > > password. He¹s ³trusted² in that we assume he won¹t abuse his > > private key on order to steal my password. He¹s not ³trusted² to > > know everyone¹s passwords. > > Forget about "other people's passwords" for a moment: you don't trust > your admins to peek at the super-secret database password (which is > usually something like "pr0duct!on" LOL)? > > If the admins wants the password, he (or she) is going to get it. Your > library needs the cleartext password at some point and at that point, > the admin effectively has it, too. > > (I had a conversation with Sander Temme at ApacheCon over a few beers > while he tried to explain how one of Thales's hardware key escrow > systems were capable of doing thins kind of thing. I had a hard time > understanding how it was possible. It could have been the beer.) > > > Requirement from system: password must be updated every six months. > > So I have to be able to change the password, and inform my web app > > of the changed password. > > Aah, yes. Password-rotation. That definitely keeps things secure. :( > > >> A. You don't get to manage your passwords. > >> > >> B. The suggestion I'm giving you requires coordination with sys > >> admins and DBA's. It is more than just a simple app trying find > >> a way to hide passwords, none of which will "ever" be in source > >> control. > >> > >> Leo > > > > A: I¹m the only one who knows my password, I have to manage it. I > > have to be able to use that password in contexts totally divorced > > from the web server. > > This is your LDAP password? Are we still taking about > application-level passwords for your database? Or user-level passwords > for ... what, exactly? > > > B: A solution that requires the sys admin to know, and update every > > six months, my passwords is not a viable solution. > > If the admin won't update the password, who will? > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAla+a+YACgkQ9CaO5/Lv0PBRowCfTJSdScNVitc5Bq79oY+JMoZZ > PAwAoJ+85CadSDhL/BKvDjwLoOM/thuP > =symF > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
