On 04/11/2022 08:06, Bärtschi, Markus-MGB wrote:

> I configured TLS for my JMX port, this is working alright.
>
> But the keystore information, especially the passwords, end up on the
> java/tomcat command line.
> I did attempt to move the configuration items into catalina.properties, but
> this did not work.
>
> How can I configure TLS for my JMX port without the keystore information
> showing up on the command line?

Don't use passwords. Rely on operating system file permissions to limit access to the file to the Tomcat process (and root).

Keep in mind that JMX has various security issues you can do very little about including:

- extremely coarse grained security (read-only or read/write)
- no protection against brute force attacks
- no logging to identify brute force attacks

Note that Tomcat is implemented from the point of view that *any* JMX access is equivalent to full administrative access.

Mark
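
A check for the approach in the reply above, added here as an example and not part of the original thread or of Tomcat: it verifies that a keystore file grants nothing to group or other, and lists any password-bearing `-D` properties among a JVM's arguments. The function names and the sample paths are assumptions; `/proc/<pid>/cmdline` is Linux-specific.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# keystore_private FILE [OWNER]
# Succeeds only if FILE is a regular file with no group/other permission
# bits and, when OWNER is given, is owned by that account.
keystore_private() {
    file=$1
    want_owner=${2:-}
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    listing=$(ls -ld -- "$file")
    # Mode string layout: type(1) owner(2-4) group(5-7) other(8-10)
    group_other=$(printf '%s\n' "$listing" | cut -c5-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$group_other" != "------" ]; then
        echo "group/other access on $file: $group_other" >&2
        return 1
    fi
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "$file is owned by $owner, expected $want_owner" >&2
        return 1
    fi
    return 0
}

# leaked_password_props
# Reads JVM arguments on stdin, one per line, and prints the name (never
# the value) of every -D property whose name contains "password".
leaked_password_props() {
    while IFS= read -r arg; do
        case $arg in
            -D*[Pp]assword*=*) printf '%s\n' "${arg%%=*}" ;;
        esac
    done
}

# Typical use on Linux (path, account and PID are placeholders):
#   keystore_private /path/to/jmx.keystore tomcat
#   tr '\0' '\n' < /proc/<pid>/cmdline | leaked_password_props
```
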
