On Tue, 31 Jul 2001, Jim Seach wrote:
> What I meant was, in order to implement SSL, Tomcat must be able to
> decrypt the keystore to retrieve the private key for the cert. A
> Tomcat extension or module could be developed to use the private key
> not only to decode the SSL traffic, but also to decode other
> information like database passwords and so forth that developers wished
In particular the admin and/or ajp password :-)
One of the biggest problems is that so many people are installing tomcat
and they just forget to change the passwords.
We already generate a random number for the shutdown command, but a module
that checks if the admin password is still "changethis" and refuse to
start until the user types a better password will do a lot for secuirty
:-)
I'm not very sure about certificate passwords or other things - but if
someone needs this then great. I think ( IMHO ) the authentication, etc
should happen outside tomcat ( at least in a different process ), I'm not
sure if existing auth servers ( kerberos, tacacs, radius, etc ) have any
support for certificates, but as long as tomcat is running user code (
even with the security manager in place ), I wouldn't trust it more than I
have to.
And don't forget that tomcat may even crash, or hung ( well, if not tomcat
maybe some user code or even the JDK or OS ). :-)
Costin
