Oh, one thing I left out: Tomcat is running multiple web apps, each of which needs its own password(s).
Tomcat is run by the sys admin, who is presumed to be trusted. The sys admin will be creating the public:private key pair in step 1. The encryption code will be checked by multiple people, and is assumed to be trusted. This solution does not concern itself with the possibility of someone modifying the Tomcat app that everyone is running under (not saying it can’t happen, saying it’s outside the scope of concern at this time).

--
Gregory Dougherty
Sr. Analyst/Programmer | Information Technology
Information Technology
(507) 284-8493 | dougherty.greg...@mayo.edu

On 2/12/16, 2:35 PM, "Dougherty, Gregory T., M.S." <dougherty.greg...@mayo.edu> wrote:

>You are correct, I’m trying to authorize the web app, not the user.
>
>Goal: I am trying to come up with a way for a Tomcat app to securely store
>and retrieve the password it needs to access a DB.
>
>My definition of “secure” includes “there exist no files with an
>unencrypted copy of the password”. IIUC, JNDI fails this test.
>
>My requirements include that all web app components are checked in to a
>source control system that malicious users can have read access to.
>
>Solution:
>1: Trusted user creates public:private key pair (1), distributes public key
>2: Web app developer creates public:private key pair (2), distributes public key
>3: Web app developer encrypts password with private key 2, then public key 1, stores with web app
>4: Web app calls decryption jar that’s in tomcat/lib, passing in the encrypted password from step 3
>5: Decryption code determines which app called it, pulls the public key (3) saved for that app
>6: Decryption code decrypts with private key 1, public key 3, and returns the unencrypted password.
>
>So long as 1: Trusted user can store private key where it’s secure, but
>accessible to decryption code, and 2: Can correctly determine the calling
>app, I believe this setup is secure.
>
>We log who uploads the web apps, so if user X uploads a bogus “User Y
>App”, we can deal with that.
>--
>Gregory Dougherty
>Sr. Analyst/Programmer | Information Technology
>Information Technology
>(507) 284-8493 | dougherty.greg...@mayo.edu
>
>On 2/12/16, 2:00 PM, "Leo Donahue" <donahu...@gmail.com> wrote:
>
>>On Feb 11, 2016 4:56 PM, "Dougherty, Gregory T., M.S." <dougherty.greg...@mayo.edu> wrote:
>>>
>>> I would like to have a jar file in tomcat/lib that can be called from
>>> any of the running web apps. I need for the code in the jar to behave
>>> differently depending on which web app called it.
>>
>>I would agree with what the others are saying here. It seems you are
>>trying to authorize an entire web app instead of authorizing the user of
>>the web app.
>>
>>If the jar simply needs to take action based on a role of some kind, then
>>could you not tie in a ldap user with appropriate role?
>>
>>Leo
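
Steps 3 to 6 of the scheme quoted above, as an added Java example that is not part of the original thread or any poster's code. It substitutes an ECDSA signature for "encrypt with private key 2" and RSA-OAEP for the outer layer, and it takes the calling app's context path as a plain argument, which is an assumption because the thread does not say how the caller is identified. The class name, method names, context paths and password are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import javax.crypto.Cipher;

// Hypothetical illustration; names and sample values are constructed for this example.
public class AppPasswordVault {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Step 3: sign the password with developer key 2, then encrypt [len | password | signature] to admin key 1.
    static byte[] seal(byte[] password, PrivateKey devPriv, PublicKey adminPub) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(devPriv);
        s.update(password);
        byte[] sig = s.sign();
        byte[] plain = ByteBuffer.allocate(1 + password.length + sig.length).put((byte) password.length).put(password).put(sig).array();
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, adminPub);
        return c.doFinal(plain); // throws if the payload exceeds the OAEP limit (190 bytes for RSA-2048)
    }
    // Steps 5-6: look up the key registered for the calling app, decrypt with admin key 1, verify the signature.
    static byte[] open(byte[] blob, String app, PrivateKey adminPriv, Map<String, PublicKey> registry) throws GeneralSecurityException {
        PublicKey devPub = registry.get(app);
        if (devPub == null) throw new GeneralSecurityException("no key registered for " + app);
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.DECRYPT_MODE, adminPriv);
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(blob));
        byte[] password = new byte[plain.get() & 0xff];
        plain.get(password);
        byte[] sig = new byte[plain.remaining()];
        plain.get(sig);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(devPub);
        s.update(password);
        if (!s.verify(sig)) throw new SignatureException("blob was not sealed with the key registered for " + app);
        return password;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
        ec.initialize(256);
        KeyPair admin = rsa.generateKeyPair(), devA = ec.generateKeyPair(), devB = ec.generateKeyPair();
        Map<String, PublicKey> registry = Map.of("/appA", devA.getPublic(), "/appB", devB.getPublic());
        byte[] blob = seal("constructed-db-pass".getBytes(StandardCharsets.UTF_8), devA.getPrivate(), admin.getPublic());
        System.out.println(new String(open(blob, "/appA", admin.getPrivate(), registry), StandardCharsets.UTF_8));
        // The same blob presented under another app's identity fails the signature check.
        try { open(blob, "/appB", admin.getPrivate(), registry); }
        catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```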