-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 1/23/18 9:04 AM, Mark H. Wood wrote:
> Well, there are several layers of problems here, with different
> ways of addressing them.
>
> Command lines are available using 'ps', so any secrets written on
> the command line are visible to anyon
uding those set using
> >> the -D syntax, those automatically made available by the JVM and
> >> those configured in the $CATALINA_BASE/conf/catalina.properties
> >> file."
> >>
> >> [1] https://tomcat.apache.org/tomcat-7.0-doc/config/index.html
>
ginal Message- From: Algirdas Veitas
>> [mailto:apvei...@gmail.com] Sent: Monday, January 22, 2018 4:02
>> PM To: users@tomcat.apache.org Subject: Using Environment
>> variables instead of Java -D properties for context.xml
>> substitution
>>
>> Hi,
>&
ser-id under which the server runs
>>> (and
>>> of course whoever can create such a file).
>>> And if someone not authorized to do so, has access to that file, then you
>>> have bigger problems than just with the server software.
>>>
>>>
>>
Well, there are several layers of problems here, with different ways
of addressing them.
Command lines are available using 'ps', so any secrets written on the
command line are visible to anyone able to get a session on that host,
for the duration of the command. There's no way around this that I
se automatically made available by the JVM and those
configured
in the $CATALINA_BASE/conf/catalina.properties file."
[1] https://tomcat.apache.org/tomcat-7.0-doc/config/index.html
-Original Message-
From: Algirdas Veitas [mailto:apvei...@gmail.com]
Sent: Monday, January 22, 2018 4:02 PM
To:
2018-01-23 16:14 GMT+03:00 Peter Kreuser :
> BTW:
>
>
>> Am 23.01.2018 um 13:56 schrieb Peter Kreuser :
>>
>> Algirdas,
>>
>>
>>
>>> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas :
>>>
>>> Andre, my apologies for bringing up a topic that has been repeated ad
>>> nauseum.
>>>
>>> We were thinking o
ly* by the user-id under which the server runs (and
>>> of course whoever can create such a file).
>>> And if someone not authorized to do so, has access to that file, then you
>>> have bigger problems than just with the server software.
>>>
>>>
>
t;>>
>>>> " All system properties are available including those set using the -D
>>>> syntax, those automatically made available by the JVM and those
>>>> configured
>>>> in the $CATALINA_BASE/conf/catalina.properties file.&
lable including those set using the -D
>>> syntax, those automatically made available by the JVM and those
>>> configured
>>> in the $CATALINA_BASE/conf/catalina.properties file."
>>>
>>> [1] https://tomcat.apache.org/tomcat-7.0-doc/config/index.html
html
-Original Message-
From: Algirdas Veitas [mailto:apvei...@gmail.com]
Sent: Monday, January 22, 2018 4:02 PM
To: users@tomcat.apache.org
Subject: Using Environment variables instead of Java -D properties for
context.xml substitution
Hi,
We have a context.xml under $TOMCAT_HOME/conf t
l
>
>
> -Original Message-
> From: Algirdas Veitas [mailto:apvei...@gmail.com]
> Sent: Monday, January 22, 2018 4:02 PM
> To: users@tomcat.apache.org
> Subject: Using Environment variables instead of Java -D properties for
> context.xml substitution
>
> Hi,
>
tomcat-7.0-doc/config/index.html
-Original Message-
From: Algirdas Veitas [mailto:apvei...@gmail.com]
Sent: Monday, January 22, 2018 4:02 PM
To: users@tomcat.apache.org
Subject: Using Environment variables instead of Java -D properties for
context.xml substitution
Hi,
We have a context
Hi,
We have a context.xml under $TOMCAT_HOME/conf that looks like this:
if we do something like this in setenv.sh, the substitution works great
export DB_USERNAME=xyz
export DB_PASSWORD=vvv
export JAVA_OPTS="$JAVA_OPTS -DDB_USERNAME=$DB_USERNAME"
export JAVA_OPTS="$JAVA_OPTS -DDB_PASSWORD=$DB
14 matches
Mail list logo
