--- "Pier P. Fumagalli" <[EMAIL PROTECTED]> wrote:
> Jim Seach at [EMAIL PROTECTED] wrote:
> >
> > One of the possible custom solutons is to encrypt the
> > other information with your public key, then use the
> > private key to decrypt the other sensitive
> > information.
>
> Cool, are we going to use a private key to encrypt the password for
> the
> private key of Tomcat? Cool, kinda gets recursive... :) WHAT?
>
> Pier
>
That would be a good trick! :)
What I meant was, in order to implement SSL, Tomcat must be able to
decrypt the keystore to retrieve the private key for the cert. A
Tomcat extension or module could be developed to use the private key
not only to decode the SSL traffic, but also to decode other
information like database passwords and so forth that developers wished
to securely make available to Tomcat. (How to make this information
available to the webapp code would have to be carefully designed) If
Christopher's suggestion about prompting for the keystore key is
implemented, none of these private pieces of information need to be
stored in plaintext.
Jim
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
