Craig R. McClanahan wrote:

>On Mon, 13 Aug 2001, Christopher Cain wrote:
>
>>I'm in the process of cleaning up the 4.0 SSLServerSocketFactory, and it
>>occurs to me that I find the getKeystorePass method offensive. There
>>should never be any reason to retrieve the keystore password once it's
>>set, and it makes me uncomfortable having the method there. I'm not sure
>>if it could somehow be called from a webapp,
>>
>It cannot.
>
Correct me if I am wrong, but this is because the classes used by each 
webapp are loaded by a webapp-specific classloader, right?

>>but it could certainly be
>>called from a malicious module.
>>
>It can.
>
And again, this is correct because the malicious module would be loaded 
by the same classloader used to load the Tomcat core classes, right?

>>I'm working on a module to allow administrators to remove the password
>>from server.xml, this method becomes a security hole.
>>
I think the idea of removing passwords from config files, or at least 
having the option to do so, is a great one.  Keep us posted on the 
status of your module. :)

>>There
>>should never be a way to display passwords in any system.
>>
Agreed, *especially* in the case of plaintext passwords.


  - jonathan.

