Martin,

On 2/22/17 5:19 AM, Martin Knoblauch wrote:
> On Tue, Feb 21, 2017 at 8:55 PM, Mark Thomas <ma...@apache.org>
> wrote:
>
>> On 21/02/2017 13:31, Martin Knoblauch wrote:
>>> Hi,
>>>
>>> is there a way to find the absolute path of the application
>>> root before the servlet is initialized?
>>>
>>> Alternatively: is there a way to defer the initialization of a
>>> datasource until the servlet is initialized?
>>>
>>> Background: I have extended
>>> "org.apache.tomcat.jdbc.pool.DataSourceFactory"
>>> to automatically set credentials so that they are not stored
>>> in the "Catalina/localhost/XXX.xml" file. Instead they are
>>> taken from encrypted values in a file below the application
>>> root. Works fine if I know that path
>>> at "createDataSource" time.
>>
>> And the decryption key for that file is stored where?
>>
>> https://wiki.apache.org/tomcat/FAQ/Password
>>
> Thanks for link. It clearly reflects my opinion as well

Good. At least you know this is all a farce.

> , but the customer demand is:
>
> - no plain-text credentials (Big multinational company security
> policies - fight them if you need the fun). And yes, this is all
> about making auditors happy

Obviously, you are still failing this requirement. The only
requirement you are satisfying is "no plain-text credentials in a
standard configuration file". What you are doing is moving the
plain-text credentials into a non-standard configuration file.

> - minimize the locations where credentials are stored. This is
> only lightly related to the decrypt issue. Having to store
> identical stuff in more than one place is opening up all other
> sorts of practical issues

This is a reasonable requirement, as it helps reduce the attack
surface. But when the attack surface is "a file on the disk", getting
owned means you are owned, regardless of the location of the file(s).

As for the location of the secrets file, would it be possible to store
it *outside* of the web application's on-disk footprint?
That will in fact make you more secure. Let's say for example that a
vulnerability exists in the DefaultServlet, or one of your
application's own servlets. It allows path-traversal or whatever. A
file living in your application will then be potentially
remotely-fetchable :(

If you move that file outside of the web application, you have a
better chance of preventing that kind of thing.

If the file is located outside of the application, you may be able to
reference it directly -- e.g. /etc/secrets/my-application-secrets.conf

-chris
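
An added example, not part of the original thread and not Tomcat code: one way to enforce the "outside the web application" advice when the secrets file is loaded, using only the JDK. The class `ExternalSecrets`, its `load` method and the temporary paths are hypothetical; the owner-only permission check goes one step beyond the message and assumes a POSIX file system.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

public class ExternalSecrets {            // hypothetical helper, not a Tomcat class
    // Permission bits that would let other local accounts read or alter the file.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    // Loads the secrets only if the file lies outside appRoot and is owner-only.
    public static Properties load(Path secretsFile, Path appRoot) throws IOException {
        // toRealPath() resolves symlinks and "..", so the comparison is made on
        // the file's true location rather than on the name it was referenced by.
        Path realFile = secretsFile.toRealPath();
        Path realRoot = appRoot.toRealPath();
        if (realFile.startsWith(realRoot)) {
            throw new SecurityException("secrets file is inside the web application: " + realFile);
        }
        // Assumption: POSIX file system (this call is unsupported elsewhere).
        if (!Collections.disjoint(Files.getPosixFilePermissions(realFile), TOO_OPEN)) {
            throw new SecurityException("secrets file is accessible to group/others: " + realFile);
        }
        Properties secrets = new Properties();
        try (InputStream in = Files.newInputStream(realFile)) {
            secrets.load(in);
        }
        return secrets;
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo: temp directories stand in for the webapp root and /etc/secrets.
        Path appRoot = Files.createTempDirectory("webapp");
        Path outside = Files.createTempDirectory("secrets").resolve("my-application-secrets.conf");
        Files.write(outside, "username=demo\n".getBytes(StandardCharsets.UTF_8));
        Files.setPosixFilePermissions(outside, PosixFilePermissions.fromString("rw-------"));
        System.out.println("loaded: " + load(outside, appRoot).getProperty("username"));
        Path inside = Files.copy(outside, appRoot.resolve("secrets.conf"));
        try { load(inside, appRoot); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```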