Hi,

I've been upgrading from Tomcat 6 to Tomcat 7 (7.27) and I've noticed
that the keystore and truststore passwords are exposed via JMX in
cleartext (in the bean JIoEndpoint).
This was not the case in Tomcat 6; for example, the JIoEndpoint bean that
was exposed had far fewer attributes.
I have specified the passwords as attributes in the HTTPS connector
tag in server.xml.

Here is an example with an otherwise unmodified Tomcat 7:
http://postimage.org/image/400y2pqsr/

How can I prevent that data from being exposed (as cleartext), as well as
the keystore and truststore path?

Thanks

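
An audit check for the exposure described in the message above, as an added example that is not part of the original post and is not Tomcat code: it walks every MBean registered in the JVM's platform MBeanServer and reports readable, non-empty String attributes whose names suggest a password or key store setting, listing attribute names only and never the values. The `SampleEndpoint` bean, its attribute values and the `Constructed` JMX domain are constructed stand-ins so the check runs on its own; running `findExposed` inside the Tomcat JVM is an assumption.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public class JmxSecretAudit {
    // Constructed stand-in for a connector endpoint bean (hypothetical, not Tomcat code).
    public interface SampleEndpointMBean {
        String getKeystorePass();
        String getTruststoreFile();
        int getPort();
    }

    public static class SampleEndpoint implements SampleEndpointMBean {
        public String getKeystorePass() { return "constructed-secret"; }
        public String getTruststoreFile() { return "/constructed/path/trust.jks"; }
        public int getPort() { return 8443; }
    }

    /** Returns "objectName#attribute" for each readable, non-empty String attribute with a sensitive-looking name. */
    static List<String> findExposed(MBeanServer server) throws Exception {
        List<String> hits = new ArrayList<>();
        for (ObjectName name : server.queryNames(null, null)) {
            for (MBeanAttributeInfo attr : server.getMBeanInfo(name).getAttributes()) {
                String lower = attr.getName().toLowerCase();
                boolean sensitive = lower.contains("pass")
                        || lower.contains("keystore") || lower.contains("truststore");
                if (!sensitive || !attr.isReadable()) continue;
                try {
                    Object value = server.getAttribute(name, attr.getName());
                    if (value instanceof String && !((String) value).isEmpty()) {
                        hits.add(name + "#" + attr.getName()); // record the name, never the value
                    }
                } catch (Exception e) {
                    // The attribute cannot be read over JMX, so nothing is exposed through it.
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        server.registerMBean(new SampleEndpoint(), new ObjectName("Constructed:type=SampleEndpoint"));
        for (String hit : findExposed(server)) System.out.println("EXPOSED " + hit);
    }
}
```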