On Fri, Aug 27, 2010 at 2:36 PM, Mark Thomas <ma...@apache.org> wrote:
> On 27/08/2010 13:19, Vijay wrote:
>> Hi Mark,
>>             I guess I am getting the point you are trying to make. As long
>> as the password or (the encrypted password and the secret key) are present
>> at some location (file system / database / etc.), there is a security gap.
>> I agree with this.
>
> Bingo!
>
>> That said, I am trying to find a way to get Tomcat to work with an encrypted
>> password [given that there is no way anyone can get to the secret key
>> for decrypting the password].
>
> Can't be done. As a minimum some secret has to be visible to the process
> running Tomcat. Which also means it is visible to any user with root
> privileges.
>
> By far the simplest solution is to have the tomcat user own server.xml
> and make that file owner readable only.
>
> You can, if you want to make server.xml more widely visible, use
> property replacement or XML entities to move the password to a separate
> file and then lock down that file.
>
> You also need to lock down any code run by Tomcat to stop a back-door
> being inserted. This includes web applications. Alternatively (for web
> applications) you could run under a security manager.
>
> Frankly this rapidly gets to the point where it is easier to:
> a) limit access to the machine to people you trust
> b) accept that if an attacker compromises the machine through Tomcat
> then the password is going to be compromised
>
> I have seen a lot of other 'solutions' proposed for this problem and I
> have yet to see one that is anything more than smoke & mirrors
> designed to fool people (many of whom should know better) into thinking
> the password is far more secure than it really is.
>
> Mark
>
>>
>> Thanks!
>> Vijay
>>
>> On Fri, Aug 27, 2010 at 4:07 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 27/08/2010 11:26, Vijay wrote:
>>>> For prototyping purposes, I am embedding the secret key in the program
>>>> itself.
>>>> If the solution works out, having it in a secure database is an option
>>>> I am considering.
>>>
>>> And how do you propose to provide the password Tomcat uses to access
>>> this secure database?
>>>
>>> Mark
>>>
>>>> On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas <ma...@apache.org> wrote:
>>>>
>>>>> On 27/08/2010 10:41, Vijay wrote:
>>>>>> I am looking to write a wrapper class that decrypts the password passed
>>>>>> as an environment variable to Tomcat, and then sets the system property
>>>>>> javax.net.ssl.keyStorePassword inside the JVM itself.
>>>>>
>>>>> And how do you propose to provide the secret key required to perform the
>>>>> decryption?
>>>>>
>>>>> Mark
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>

I've been giving this whole issue a lot of thought, and not just now:
for months now. I was wondering if the following is possible in
theory: when Tomcat is started up, it prompts for the password?
Wouldn't that help with the whole smoke and mirrors situation?

Regards,

Wes

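Mark's second option in the quoted reply (move the password into a separate file via XML entities, then lock that file down), carried out as a shell script. This is an added example, not code from the thread or from the Tomcat project. It assumes a Tomcat service account named tomcat, a CATALINA_BASE layout with conf/ssl-connector.xml and conf/keystore.jks, and an entity named ssl-connector; all of those names are illustrative. One XML rule shapes the design: an attribute value may not reference an external entity, so keystorePass="&pass;" is not well-formed XML. The whole SSL <Connector> element therefore moves into the protected file, and server.xml includes that element as an external entity.

```shell
#!/bin/sh
# Added example, not from this thread or from the Tomcat project.  It carries
# out the "XML entities" variant Mark describes: the whole SSL <Connector>
# element, and with it keystorePass, moves into its own file that only the
# Tomcat user can read, and server.xml pulls that file in as an external
# entity.  Assumptions: the file name conf/ssl-connector.xml, the entity name
# ssl-connector, the keystore path conf/keystore.jks and the user "tomcat".
set -eu

# Octal permission bits of a file (GNU stat, then BSD stat as a fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Numeric uid of a file's owner (GNU stat, then BSD stat).
file_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Write the Connector element, password included, to its own file.
# $1 = destination, $2 = keystore path, $3 = keystore password, $4 = owner uid
write_connector_file() {
    dest=$1; keystore=$2; pass=$3; owner=$4
    # The password lands in an XML attribute, so these characters would break
    # parsing (or be read as markup); refuse rather than escape silently.
    case $pass in
        *'&'*|*'<'*|*'"'*) echo "password must not contain & < or \"" >&2; return 1 ;;
    esac
    # umask in a subshell: the file is 0600 from creation, with no window in
    # which it is world-readable, and the caller's umask is left alone.
    (
        umask 077
        cat > "$dest" <<EOF
<!-- Included into server.xml through the ssl-connector entity. Keep this file 0600. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="$keystore" keystorePass="$pass" />
EOF
    )
    chmod 600 "$dest"
    # chown needs root; as an ordinary user it is a no-op on your own files,
    # and check_secret_file reports a wrong owner anyway.
    chown "$owner" "$dest" 2>/dev/null || true
}

# Write a minimal server.xml that declares the external entity and references
# it inside <Service>.  The password itself never appears in this file.
# $1 = destination, $2 = absolute path of the connector file
write_server_xml() {
    dest=$1; connector=$2
    cat > "$dest" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Server [
  <!ENTITY ssl-connector SYSTEM "file://$connector">
]>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    &ssl-connector;
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
EOF
}

# The check to run before every start: the file exists, is owned by the
# expected uid and has no group or other bits (0600 or 0400).
# $1 = file, $2 = expected owner uid.  Returns 0 only when all three hold.
check_secret_file() {
    f=$1; want=$2
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    mode=$(file_mode "$f")
    case $mode in
        600|400) ;;
        *) echo "$f: mode $mode lets other users read it" >&2; return 1 ;;
    esac
    have=$(file_uid "$f")
    [ "$have" = "$want" ] || { echo "$f: owned by uid $have, expected $want" >&2; return 1; }
}

# Stand-alone use (as root):  sh lockdown-keystore-pass.sh /opt/tomcat
# The password is read from stdin rather than taken as an argument so it does
# not show up in "ps" output or shell history.  The generated server.xml is
# written as server.xml.new so an existing configuration is not clobbered.
main() {
    base=$1
    uid=$(id -u tomcat)
    printf 'keystore password: ' >&2; IFS= read -r pass
    write_connector_file "$base/conf/ssl-connector.xml" "$base/conf/keystore.jks" "$pass" "$uid"
    write_server_xml "$base/conf/server.xml.new" "$base/conf/ssl-connector.xml"
    check_secret_file "$base/conf/ssl-connector.xml" "$uid"
    check_secret_file "$base/conf/keystore.jks" "$uid"   # the keystore holds the private key: same rule
}
if [ $# -eq 1 ]; then main "$1"; fi
```

Run it as root so the chown to the tomcat account takes effect; check_secret_file is the part worth calling from a start script or a periodic job, and it applies to the keystore file itself just as much as to the connector file. Confirm on your own Tomcat version that the external entity is expanded, for instance by checking that the 8443 connector appears in the startup log. As Mark says above, this hides nothing from root or from the Tomcat process; it only removes the password from a file that other accounts on the machine can usually read.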
