On 29/10/2010 14:42, Rainer Frey wrote: > On Friday 29 October 2010 15:34:29 Mark Thomas wrote: >> If Tomcat has access to a database and the attacker has access to a >> shell prompt (or similar) with the same privileges as Tomcat then the >> attacker has access to the database and there is absolutely nothing you >> can do to prevent that. > > In theory, there is a way Tomcat could implement. You could interactively ask > for all needed passwords when starting Tomcat and keep them only in memory. > httpd does that by default for encrypted SSL primary keys. But in practice > the > userbase that would accept the inconvenience and the impossibility to > automatically start tomcat would be too small to spend time for that. And the > practical security gain is small.
Actually it is pretty much zero. If the password is in memory it will be in a known location and an attacker will still be able to read it (reflection, heap dump, etc). With httpd the barrier is a little higher since it is likely to be harder to find the right bit of memory. Agreed that the downtime issues far outweigh and security benefits. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org