Spencer Lamont R CONTR USSTRATCOM/J646 wrote:
Dan:

1. 7.0.14
2. attachment.
3. I found these steps online. I am using SHA-1 or SHA-256, trying to.

You realise that this is somewhat ridiculous, I suppose?
What these instructions make you do is replace one plain-text password in the file with another plain-text password. That the 2nd password happens to be the result of hashing the first one does not change that. Anyone getting access to the tomcat-users.xml file can now use the password that is in there to log in as manager.

Of course, the key here is "Anyone getting access to the tomcat-users.xml file". That is what you should protect. If any unauthorised person can get access to any of your server's configuration files, you are in deep trouble anyway.


THX.

-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
Sent: Monday, July 15, 2013 9:31 AM
To: Tomcat Users List
Subject: Re: Number of logs files and encrypt manager passwd

On Jul 15, 2013, at 10:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646
<lamont.r.spencer....@stratcom.mil> wrote:

To all: I am looking for the file in which to set the number of logs to keep.

You can configure logging in "conf/logging.properties", however the default
configuration does not offer a way to do what you are asking.  It simply
creates a new log file every day.  You would need to manually clean them up
with a cron job or scheduled task.

Alternatively, you could enable Log4j which automatically cleans up old
files.

  https://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j

Also I tried to encrypt the manager password to the manager web page. I
did the steps with the realm and users file, but when I went to access the
page it would not work. When I put the unencrypted passwd back it works.

You're going to need to provide more information here.  Start by including
this.

1.) What version of Tomcat are you running?  Include the whole number, 6.0.x
or 7.0.x.

2.) How do you have your realm and users configured?  Please include the
XML configuration, minus comments and any sensitive information.

3.) Are you trying to use encryption or hashing?

Dan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
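
Added example, not part of the original thread and not Tomcat's code: a simplified Python model of the credential comparison made when a realm is given a digest algorithm (SHA-1 or SHA-256, as mentioned in the thread). It assumes BASIC or FORM authentication and an unsalted hex digest in the users file; the function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample password; not taken from the thread.
SAMPLE_PASSWORD = "s3cret-example"


def stored_digest(password, algorithm="SHA-256"):
    """Hex digest of the cleartext password (unsalted, as assumed here).

    This is the value that would sit in the password attribute of the
    users file once the realm is configured with a digest algorithm.
    """
    # "SHA-256" -> "sha256", "SHA-1" -> "sha1"; unknown names raise ValueError.
    h = hashlib.new(algorithm.replace("-", "").lower())
    h.update(password.encode("utf-8"))
    return h.hexdigest()


def realm_accepts(submitted, stored, algorithm=None):
    """Model of the realm's check of a submitted password.

    algorithm=None models a realm with no digest configured: the submitted
    value is compared to the stored value as-is. With an algorithm set, the
    submitted value is hashed first and the hex strings are compared
    without regard to case (an assumption of this model).
    """
    if algorithm is None:
        candidate = submitted
    else:
        candidate = stored_digest(submitted, algorithm).lower()
        stored = stored.lower()
    # Constant-time comparison of the two strings.
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    digest = stored_digest(SAMPLE_PASSWORD)
    print("stored value:", digest)
    print("cleartext, digest realm :", realm_accepts(SAMPLE_PASSWORD, digest, "SHA-256"))
    print("stored value, digest realm:", realm_accepts(digest, digest, "SHA-256"))
    print("cleartext, plain realm  :", realm_accepts(SAMPLE_PASSWORD, digest, None))
```

The last case models a users file that holds a digest while the realm has no digest algorithm set: the cleartext password no longer matches what is stored.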


