Hi Mark,
I guess I am getting the point you are trying to make .. As long
as the password or (the encrypted password and the secret key) are present
at some location (file system / database/ etc) .. there is a security gap ..
I agree with this ..
This said, I am trying to find a way to get tomcat work with an encrypted
password. [given the fact there is no way anyone can get to the secret key
for decrypting the password]
Thanks!
Vijay
On Fri, Aug 27, 2010 at 4:07 PM, Mark Thomas <ma...@apache.org> wrote:
> On 27/08/2010 11:26, Vijay wrote:
> > For prototyping purposes, I am embedding the secret key in the program
> > itself.
> > If the solution works out, having it in a secure database is an option I
> am
> > considering..
>
> And how do you propose to provide the password Tomcat uses to access
> this secure database?
>
> Mark
>
> > On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 27/08/2010 10:41, Vijay wrote:
> >>> I am looking to write a wrapper class that decrypts the password passed
> >> as
> >>> an environment variable to tomcat, and then sets the system property
> >>> javax.net.ssl.keyStorePassword inside the JVM itself.
> >>
> >> And how do you propose to provide the secret key required to perform the
> >> decryption?
> >>
> >> Mark
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
