On 31/10/2010 04:53, Mladen Turk wrote:
> On 10/30/2010 07:28 PM, Mark Thomas wrote:
>> On 30/10/2010 12:59, Mladen Turk wrote:
>>> On 10/29/2010 03:29 PM, Mark Thomas wrote:
>>>>
>>>> I never said passwords should never be protected. I was quite specific
>>>> that trying to encrypt usernames and passwords in server.xml (or
>>>> context.xml for that matter) for database resources is a complete waste
>>>> of time.
>>>>
>>>
>>> Agreed. If the hacker is already logged in with the same uid,
>>> there isn't much you can do.
>>> However, that makes me wonder why we are keeping the passwords
>>> in memory unencrypted. I suppose we should do at least some memory
>>> cleansing for any intermediate security-related processing product.
>>
>> Unfortunately the database password for a database resource needs to be
>> available throughout the life of the Tomcat process.
>>
>
> Well, in theory, once loaded it can be kept encrypted inside an
> in-memory key store using a random key and a disk-based salt.
> This would require a disk read on each database authz to
> get the password from the in-memory key store, however, so it
> might be a performance issue.
And it still doesn't protect from an attacker that has compromised the Tomcat process and/or the user the process is running as. All we are doing here is constructing more and more elaborate security-by-obscurity mechanisms.

Mark
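The in-memory keystore Mladen sketches, and Mark's objection to it, as a constructed Python model added here (it is not Tomcat code and not from either poster); the resource name, salt path and password are made-up values, and the HMAC keystream is a toy stand-in for a real cipher.

```python
import hashlib
import hmac
import os

# Constructed model (added here, not Tomcat code) of the keystore proposed in the
# thread: the database password is held in memory only under a random per-process
# key plus a salt kept on disk, and is unwrapped on every database authentication.

def keystream(key, salt, name, length):
    # Toy HMAC-counter keystream standing in for a real cipher; it only needs to
    # make explicit which inputs the unwrap requires.
    out = b""
    for block in range((length + 31) // 32):
        out += hmac.new(key, salt + name.encode() + bytes([block]), hashlib.sha256).digest()
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class InMemoryKeyStore:
    def __init__(self, salt_path):
        self.salt_path = salt_path   # disk-based salt, read back on each use
        self.key = os.urandom(32)    # random key created at startup, kept in memory
        self.wrapped = {}            # resource name -> wrapped password bytes

    def _salt(self):
        with open(self.salt_path, "rb") as f:
            return f.read()

    def put(self, name, password):
        self.wrapped[name] = xor(password, keystream(self.key, self._salt(), name, len(password)))

    def get(self, name):
        # Every DB authz calls this, so key, salt file and unwrap code must stay
        # reachable for the life of the process (one disk read per call).
        w = self.wrapped[name]
        return xor(w, keystream(self.key, self._salt(), name, len(w)))

def trust_boundary(store, name, salt_bytes=None):
    # Defender's check: a copy of process memory holds the key and the wrapped
    # bytes; only the salt file is missing. Anyone with the Tomcat uid can read
    # that file (or simply call get()), so the scheme protects exactly as much as
    # the file permissions already protecting a plaintext server.xml.
    if salt_bytes is None:
        return None                 # keystream cannot be rebuilt without the salt
    w = store.wrapped[name]
    return xor(w, keystream(store.key, salt_bytes, name, len(w)))
```

`trust_boundary()` makes the thread's point testable: without the salt file nothing is recoverable from memory alone, and with it (or with the uid that can read it) the password is, which is the same boundary a plaintext server.xml already sits behind.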