--- Christopher Cain <[EMAIL PROTECTED]> wrote:
>
>
> The system would still have to have access to the private key, which
> would have to be protected with some kind of PBE scheme, in which case
> you are right back to specifying a password in the config files.
>
> Aside from that, it's not really a "custom" solution in the sense that
> I can implement it without hacking Tomcat. Any possible solution to not
> storing the password in the clear will require a custom build of Tomcat,
> which is really one of my points. One can work around the other security
> issues without resorting to that. I am going to have to hack a more
> secure solution into Tomcat at this point regardless. My hope is that we
> can come to some kind of consensus on the best way to lock the SSL
> keystore down so that I can contribute the code back to the product.
> IMHO, the current solution is a rather big hole waiting to be exploited
> and needs addressing anyway, at least in a business production
> environment.
I agree, this could be done now, since the keystore password is in the
config file, but my assumption was that it is not worth going through
the additional effort to secure the other information unless your
proposal were implemented.
At that point, it might be worth it to develop a standard (carefully
designed) way to store other information in order to get around Craig's
scalability concerns.
>
> > Anyway, if you implement the "prompt for key on
> > reboot" it could always be a configurable option, so
> > if someone didn't feel that level of security was
> > necessary, they wouldn't have to use it.
>
> Excellent idea! Configurable is good =) I wouldn't mind at all adding
> that in during my rework, assuming everyone agrees that it makes sense
> (and that my basic patches are accepted anyway, of course :-)
>
> - Christopher
Jim