Suggestions -----Original Message----- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, July 15, 2013 10:35 AM To: Tomcat Users List Subject: Re: Number of logs files and encrypt manager passwd
Spencer Lamont R CONTR USSTRATCOM/J646 wrote: > Dan: > > 1. 7.0.14 > 2. attachment. > 3. I found these steps online. I am using SHA-1 or SHA-256, trying to. You realise that this is somewhat ridiculous, I suppose ? What these instructions make you do, is replace one plain-text password in the file, by another plain-text password. That the 2d password happens to be the result of hashing the first one does not change that. Anyone getting access to the tomcat-users.xml file, can now use the password that is in there, to login as manager. Of course, the key here is "Anyone getting access to the tomcat-users.xml file". That is what you should protect. If any unauthorised person can get access to any of your server's configuration files, you are in deep trouble anyway. > > THX. > > -----Original Message----- > From: Daniel Mikusa [mailto:dmik...@gopivotal.com] > Sent: Monday, July 15, 2013 9:31 AM > To: Tomcat Users List > Subject: Re: Number of logs files and encrypt manager passwd > > On Jul 15, 2013, at 10:04 AM, Spencer Lamont R CONTR USSTRATCOM/J646 > <lamont.r.spencer....@stratcom.mil> wrote: > >> To all: >> >> I am looking for the file in which to set the number of logs to keep. > > You can configure logging in "conf/logging.properties", however the > default configuration does not offer a way to do what you are asking. > It simply creates a new log file every day. You would need to > manually clean them up with a cron job or scheduled task. > > Alternatively, you could enable Log4j which automatically cleans up > old files. > > https://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j > >> Also I tried to encrypt the manager password to the manager web page. >> I > did the steps with the realm and users file, but when I went to access > the page it would not work. When I put the unencrypted passwd back it works. > > You're going to need to provide more information here. Start by > including this. > > 1.) What version of Tomcat are you running? Include the whole number, > 6.0.x or 7.0.x. > > 2.) How do you have your realm and user's configured? Please include > the XML configuration, minus comments and any sensitive information. > > 3.) Are you trying to use encryption or hashing? > > Dan > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
smime.p7s
Description: S/MIME cryptographic signature
