> From: Luca Marchesano [mailto:luca.marches...@ericsson.com] > Subject: Keystore password not masked in server.xml file
> Is there a way to specify the keystore's password in encrypted way? Think about it: where are you going to put the encryption key so Tomcat can get at it to decode the encrypted password? Eventually, something must be in plain text, accessible to Tomcat. Secure your Tomcat configuration files so you don't have to worry about random users looking at them. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org