> From: Jan Mönnich [mailto:[EMAIL PROTECTED]
> we have a very sensitive webapp that requires the input of a password
> when the tomcat server starts. We don't want to store this password
> in a file. One way we've already tested could be the use of a JDialog
> with a JPasswordField that is shown in the init() method of a servlet
> (<load-on-startup>1). Unfortunately this requires our server to run
> X11... :-(
>
> Is there any (hidden) way to input this password on the terminal
> tomcat was started from?

Assuming all communication is via HTTPS, an alternative goes roughly as follows:

- Pull any initialisation out of the servlet's init(), leaving just a boolean
  as to whether the password's been entered or not;
- Modify the servlet to serve a please-enter-the-password page at a particular
  URL;
- When the user enters the password, run any init code;
- Refuse to serve any other pages until the password has been entered.

This uses Tomcat's normal interface - HTTP - to your advantage, and probably
maintains security to the level you need - you'll have to evaluate that.
Depends how much control you have over the webapp, though.

- Peter
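
The steps above, sketched as an added example that is not part of the original message or of Tomcat: it uses a servlet Filter instead of modifying the servlet itself, so that every other URL is refused while the app is locked. Assumptions: the javax.servlet API, the /unlock URL, the "password" form field, and the hypothetical initialise() hook that holds the code moved out of init() and throws on a wrong password.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: gate every request until the startup password has been entered.
public abstract class UnlockFilter implements Filter {
    private static final String UNLOCK_PATH = "/unlock";   // assumed URL
    private final AtomicBoolean unlocked = new AtomicBoolean(false);
    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (unlocked.get()) { chain.doFilter(req, res); return; }   // normal operation
        // Locked: only the unlock URL is served, and never over plain HTTP.
        // Anything that does not match exactly fails closed with a 503.
        boolean unlockUrl = (req.getContextPath() + UNLOCK_PATH).equals(req.getRequestURI());
        if (!unlockUrl || !req.isSecure()) {
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Application is locked");
            return;
        }
        res.setHeader("Cache-Control", "no-store");
        String pw = req.getParameter("password");
        if ("POST".equals(req.getMethod()) && pw != null && tryUnlock(pw.toCharArray())) {
            res.sendRedirect(req.getContextPath() + "/");
            return;
        }
        res.setContentType("text/html;charset=UTF-8");
        res.getWriter().write("<form method='post'>Password: "
            + "<input type='password' name='password' autocomplete='off'>"
            + "<input type='submit' value='Unlock'></form>");
    }

    // Runs the deferred init code once; a wrong password leaves the app locked.
    private synchronized boolean tryUnlock(char[] pw) {
        try {
            if (!unlocked.get()) { initialise(pw); unlocked.set(true); }
            return true;
        } catch (Exception e) {
            return false;
        } finally {
            Arrays.fill(pw, '\0');   // best-effort wipe; the request's String copy remains
        }
    }

    // Hypothetical hook: the code moved out of the servlet's init().
    protected abstract void initialise(char[] password) throws Exception;
}
```

Map a concrete subclass to /* ahead of any other filter. The unlock URL is reachable by anyone who can reach the connector until the password is entered, so restrict it by source address or limit attempts.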