André Warnier wrote:
start)
su - tomcatuser -c "/var/lib/jvm/java $CONFIDENTIAL_SETTINGS -jar
...."
All of your 'confidential settings' will be visible to all users with
one command:
ps aux
There're ways to restrict such listing to only your processes. But
anyway, command line arguments are not a good place to specify
confidential values.
In my opinion there're mostly two cases:
1.
Customer doesn't know anything, or knows very little about passwords,
architecture, etc. So you usually embed such information in some kind of
configuration file (web.xml or some other properties file), etc. In
short words: you know all the details, but you will not break/steal
customer's service/data.
2. Customer is security-aware. So either he isn't your customer anymore
;-) Or you do not have any access to his infrastructure. You're forced
to use JNDI resources so you usually do not need any
usernames/passwords. Even if, username is useless without access to
customer's infrastructure. Finally, his team will review war file before
deploy anyway.
In my opinion it is mush simpler, more secure to have just another
tomcat installation, dedicated for one special-and-important
application, run by dedicated user, than to mess with some strange JVM
startup options.
--
Mikolaj Rydzewski <m...@ceti.pl>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org