You are correct, I'm trying to authorize the web app, not the user.

Goal: I am trying to come up with a way for a Tomcat app to securely store and retrieve the password it needs to access a DB.

My definition of "secure" includes "there exist no files with an unencrypted copy of the password". IIUC, JNDI fails this test. My requirements include that all web app components are checked in to a source control system that malicious users can have read access to.

Solution:

1: Trusted user creates public:private key pair (1), distributes public key
2: Web app developer creates public:private key pair (2), distributes public key
3: Web app developer encrypts password with private key 2, then public key 1, stores with web app
4: Web app calls decryption jar that's in tomcat/lib, passing in the encrypted password from step 3
5: Decryption code determines which app called it, pulls the public key (3) saved for that app
6: Decryption code decrypts with private key 1, public key 3, and returns the unencrypted password.

So long as

1: Trusted user can store private key where it's secure, but accessible to decryption code, and
2: Can correctly determine the calling app,

I believe this setup is secure. We log who uploads the web apps, so if user X uploads a bogus "User Y App", we can deal with that.

-- 
Gregory Dougherty
Sr. Analyst/Programmer | Information Technology
(507) 284-8493 | dougherty.greg...@mayo.edu

On 2/12/16, 2:00 PM, "Leo Donahue" <donahu...@gmail.com> wrote:

>On Feb 11, 2016 4:56 PM, "Dougherty, Gregory T., M.S." <
>dougherty.greg...@mayo.edu> wrote:
>>
>> I would like to have a jar file in tomcat/lib that can be called from
>>any
>of the running web apps. I need for the code in the jar to behave
>differently depending on which web app called it.
>
>I would agree with what the others are saying here. It seems you are
>trying to authorize an entire web app instead of authorizing the user of the
>web app.
>
>If the jar simply needs to take action based on a role of some kind, then
>could you not tie in a ldap user with appropriate role?
>
>Leo

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
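The sign-then-encrypt scheme in steps 3 through 6 above, as an added Java example that is not code from this thread or from Tomcat. It assumes that "encrypt with private key 2" means an RSA signature by the app's key, that the trusted key pair (1) is 4096-bit so that signature plus password fits in one RSA-OAEP block, and that the decryption jar already has a trustworthy name for the calling app (the `registry` map keyed by app name, the `seal`/`open` method names and the sample password are all constructed for the example).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;

public class SealedDbPassword {
    private static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String SIG = "SHA256withRSA";

    // Step 3 (developer side): sign the password with the app's private key (2), then encrypt
    // signature||password under the trusted public key (1). The result is what gets checked in.
    static byte[] seal(String password, PrivateKey appPriv, PublicKey trustedPub) throws GeneralSecurityException {
        byte[] pw = password.getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance(SIG); s.initSign(appPriv); s.update(pw);
        byte[] sig = s.sign();                                // 256 bytes for a 2048-bit app key
        byte[] payload = Arrays.copyOf(sig, sig.length + pw.length);
        System.arraycopy(pw, 0, payload, sig.length, pw.length);
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, trustedPub);
        return c.doFinal(payload);                            // 4096-bit OAEP/SHA-256 holds up to 446 bytes
    }

    // Steps 5-6 (tomcat/lib side): decrypt with the trusted private key (1), look up the key
    // registered for the caller (3), and release the password only if the signature verifies.
    static String open(byte[] sealed, String callerApp, PrivateKey trustedPriv, Map<String, PublicKey> registry)
            throws GeneralSecurityException {
        PublicKey appPub = registry.get(callerApp);
        if (appPub == null) throw new SecurityException("no key registered for " + callerApp);
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.DECRYPT_MODE, trustedPriv);
        byte[] payload = c.doFinal(sealed);
        int sigLen = ((RSAPublicKey) appPub).getModulus().bitLength() / 8; // RSA signature = modulus size
        if (payload.length < sigLen) throw new SecurityException("sealed blob too short for " + callerApp);
        byte[] sig = Arrays.copyOfRange(payload, 0, sigLen);
        byte[] pw = Arrays.copyOfRange(payload, sigLen, payload.length);
        Signature v = Signature.getInstance(SIG); v.initVerify(appPub); v.update(pw);
        if (!v.verify(sig)) throw new SecurityException("password was not signed by " + callerApp);
        return new String(pw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(4096); KeyPair trusted = gen.generateKeyPair();   // key pair (1), trusted user
        gen.initialize(2048); KeyPair app = gen.generateKeyPair();       // key pair (2), User Y's app
        KeyPair other = gen.generateKeyPair();                           // another app's key (negative case)
        byte[] sealed = seal("constructed-db-password", app.getPrivate(), trusted.getPublic()); // constructed sample
        Map<String, PublicKey> registry = Map.of("UserYApp", app.getPublic(), "UserXApp", other.getPublic());
        System.out.println(open(sealed, "UserYApp", trusted.getPrivate(), registry));
        try { open(sealed, "UserXApp", trusted.getPrivate(), registry); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The second `open` call shows why step 5 matters: a blob committed under the wrong app name fails verification rather than yielding the password, so the whole scheme is only as strong as the caller identification the jar relies on.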