Hi Mark,

I guess I am getting the point you are trying to make. As long as the password or (the encrypted password and the secret key) are present at some location (file system / database / etc.), there is a security gap. I agree with this.

This said, I am trying to find a way to get Tomcat to work with an encrypted password [given the fact there is no way anyone can get to the secret key for decrypting the password].

Thanks!
Vijay

On Fri, Aug 27, 2010 at 4:07 PM, Mark Thomas <ma...@apache.org> wrote:

> On 27/08/2010 11:26, Vijay wrote:
> > For prototyping purposes, I am embedding the secret key in the program
> > itself.
> > If the solution works out, having it in a secure database is an option I am
> > considering..
>
> And how do you propose to provide the password Tomcat uses to access
> this secure database?
>
> Mark
>
> > On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 27/08/2010 10:41, Vijay wrote:
> >>> I am looking to write a wrapper class that decrypts the password passed as
> >>> an environment variable to tomcat, and then sets the system property
> >>> javax.net.ssl.keyStorePassword inside the JVM itself.
> >>
> >> And how do you propose to provide the secret key required to perform the
> >> decryption?
> >>
> >> Mark
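
The wrapper described in the quoted 10:41 message, sketched as an added example that is not part of the thread and is not Tomcat code. The environment variable name, the `launcher.keyFile` property and the nonce-plus-ciphertext layout are assumptions; the key still has to be read from somewhere the Tomcat account can reach, which is the gap Mark's questions point at.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Added example: decrypts the keystore password, then hands off to Tomcat. */
public class DecryptingLauncher {
    // Hypothetical names chosen for this example; they are not Tomcat settings.
    static final String ENV_VAR = "TOMCAT_KEYSTORE_PW_ENC";
    static final String KEY_FILE_PROP = "launcher.keyFile";

    /** blob = 12-byte nonce || AES-GCM ciphertext and tag; key = raw AES key bytes. */
    static String decrypt(byte[] key, byte[] blob) throws Exception {
        if (blob.length < 12 + 16) throw new IllegalArgumentException("blob too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, blob, 0, 12));
        // Throws AEADBadTagException if the key is wrong or the blob was altered.
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String enc = System.getenv(ENV_VAR);
        String keyFile = System.getProperty(KEY_FILE_PROP);
        if (enc == null || keyFile == null)
            throw new IllegalStateException(ENV_VAR + " and -D" + KEY_FILE_PROP + " are required");
        // The key must be readable by the account running Tomcat, so anyone who
        // can act as that account can repeat this decryption.
        byte[] key = Files.readAllBytes(Paths.get(keyFile));
        try {
            // The plaintext ends up as a String in a system property, visible to
            // any code running in this JVM.
            System.setProperty("javax.net.ssl.keyStorePassword",
                    decrypt(key, Base64.getDecoder().decode(enc.trim())));
        } finally {
            Arrays.fill(key, (byte) 0); // wipe our copy of the key bytes
        }
        // Hand off to Tomcat's normal entry point in the same JVM.
        Class.forName("org.apache.catalina.startup.Bootstrap")
             .getMethod("main", String[].class)
             .invoke(null, (Object) args);
    }
}
```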