I'm in the process of cleaning up the 4.0 SSLServerSocketFactory, and it
occurs to me that I find the getKeystorePass method offensive. There
should never be any reason to retrieve the keystore password once it's
set, and it makes me uncomfortable having the method there. I'm not sure
if it could somehow be called from a webapp, but it could certainly be
called from a malicious module. Even simpler, a single startup class
could be modified to echo the password to either sysout or a logfile. If
I'm working on a module to allow administrators to remove the password
from server.xml, this method becomes a security hole.

Anyone care if I remove this method? It's not currently being called
from anywhere, and I can't think of a legitimate use for it. There
should never be a way to display passwords in any system.

Can I fix this in 3.3 as well?

Your resident paranoid security freak,
Christopher
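
One way to hold a keystore password without any getter, as an added example (not Tomcat's code and not part of the original message). The class `WriteOnlyKeystoreConfig` and its method names are hypothetical; only the `java.security.KeyStore` calls are real API.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;

// Hypothetical holder: the password can be set and consumed, never read back.
public class WriteOnlyKeystoreConfig {
    private char[] keystorePass; // deliberately no getter and no toString()

    // Keep a private copy so the caller can wipe its own array right away.
    public void setKeystorePass(char[] pass) {
        clear();
        keystorePass = pass.clone();
    }

    // Use the password once to open the keystore, then wipe it. Reflection can
    // still read the field while it is set; wiping only shortens that window.
    public KeyStore load(InputStream in) throws Exception {
        if (keystorePass == null) {
            throw new IllegalStateException("keystore password not set");
        }
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, keystorePass);
            return ks;
        } finally {
            clear();
        }
    }

    private void clear() {
        if (keystorePass != null) {
            Arrays.fill(keystorePass, '\0');
            keystorePass = null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty in-memory keystore with a throwaway password.
        char[] pass = "constructed-sample".toCharArray();
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pass);

        WriteOnlyKeystoreConfig cfg = new WriteOnlyKeystoreConfig();
        cfg.setKeystorePass(pass);
        Arrays.fill(pass, '\0'); // caller's copy is no longer needed
        KeyStore ks = cfg.load(new ByteArrayInputStream(out.toByteArray()));
        System.out.println("keystore opened, entries: " + ks.size());
    }
}
```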