On 07.06.21 10:56, xcorpius wrote:
> Hello again!
>
> Checking the documentation ... Tomcat can create an encrypted password with 
> the "digest.sh" tool for application passwords.
>
> But you cannot create an encrypted password for the DB in the context.xml 
> file. The only solution without adding anything is to give restrictive 
> permissions to the context.xml file.
>
> Wouldn't it be the same problem? Why can't I generate an encrypted password 
> for the database with the "digest.sh" tool instead of having to use a 
> customized "factory"?
>
> I think people who develop Tomcat should consider this option.
>
> Thank you very much to all.

Sorry, those are not the same: Digested passwords cannot be undigested,
but any digestion of the same password reveals the same digested result,
so that they can be compared. (Read about the difference between hashing
and encryption.)

For a database connection, you'll need to undigest (e.g. unencrypt) the
password and get it in clear text. And that's precisely what the FAQ
answers as impossible to do securely (without requiring manual input of
keys at each startup).

There's nothing here to consider that hasn't been considered before.

Olaf

>>>>>> Hi,
>>>>>> I wanted to ask about how to encrypt database passwords in the
>>>>>> context.xml file in Tomcat 9.
>>>>> Hi,
>>>>> please check this article:
>>>> https://urldefense.com/v3/https://cwiki.apache.org/confluence/display/
>>>> TOMCAT/Password;!!F9svGWnIaVPGSwU!5L0cC3jIaCuRm0q1-FYoVLDsuldYO4StHmkrZWg_Y0z1bdU7NM3IWFdkUykL7W_YAFGN4bM$
>>>>
>>>>> It covers the topic once and for all...
>>>>> Olaf
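
Added example, not part of the original thread and not Tomcat code: a sketch of the distinction drawn in the reply above, where a digest is enough when Tomcat verifies a login, but a database connection needs the cleartext back, which forces a readable decryption key. The class name, sample passwords and the salted SHA-256 scheme are assumptions for illustration and do not reproduce the exact output format of digest.sh.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class DigestVsEncryption {
    // Salted SHA-256 as a stand-in for a stored digest (assumption: not digest.sh's exact format).
    static byte[] digest(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Tomcat as verifier: the user submits a password, Tomcat re-digests and compares.
    static boolean verify(byte[] salt, byte[] stored, String submitted) throws Exception {
        return MessageDigest.isEqual(stored, digest(salt, submitted));
    }

    // Tomcat as client: reversible AES-GCM, so key and IV must be readable at startup.
    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        String appPassword = "constructed-app-password";   // constructed sample values
        String dbPassword = "constructed-db-password";

        byte[] salt = new byte[16];
        rnd.nextBytes(salt);
        byte[] stored = digest(salt, appPassword);
        System.out.println("correct login accepted: " + verify(salt, stored, appPassword));
        System.out.println("wrong login accepted:   " + verify(salt, stored, "guess"));
        // No inverse of digest() exists, so 'stored' could never be turned back
        // into the cleartext a JDBC driver has to send to the database.

        byte[] key = new byte[32], iv = new byte[12];
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, dbPassword.getBytes(StandardCharsets.UTF_8));
        // Whoever can read both the ciphertext and the key recovers the password:
        String recovered = new String(crypt(Cipher.DECRYPT_MODE, key, iv, ct), StandardCharsets.UTF_8);
        System.out.println("DB password recovered with key: " + recovered.equals(dbPassword));
    }
}
```

The key and IV in the second half have to live somewhere Tomcat can read unattended, so protecting them reduces to the same file-permission problem as protecting context.xml itself.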
