Re: just wondering.. encryption in context.xml?

Alex O'Ree Sat, 08 Apr 2023 13:02:06 -0700

For context.xml, you can do the following....

make a java project with the following dependency
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
<version>INSERT APPROPRIATE VERSION HERE</version>
<scope>provided</scope>
</dependency>


Make a class that extends org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory
then you can transform the stored credential using whatever makes sense to
you. Perhaps an AES based mechanism.

In context.xml specify a "factory" attribute that points at your extended
BasicDataSourceFactory

A similar technique can be used for SSL keystore passwords in server.xml by
extending the http protocol classes and overriding the password mechanisms.
Enjoy


On Sat, Apr 8, 2023 at 3:02 PM Chuck Caldarale <n82...@gmail.com> wrote:

> You might want to take a look at this:
>
> Password - Apache Tomcat - Apache Software Foundation
> <https://cwiki.apache.org/confluence/display/TOMCAT/Password>
> cwiki.apache.org
> <https://cwiki.apache.org/confluence/display/TOMCAT/Password>
> [image: favicon.ico]
> <https://cwiki.apache.org/confluence/display/TOMCAT/Password>
> <https://cwiki.apache.org/confluence/display/TOMCAT/Password>
>
>   - Chuck
>
>
> On 2023-04-08, at 13:57, Kevin Huntly <kmhun...@gmail.com> wrote:
>
> okay that's fair
>
> On Sat, Apr 8, 2023, 14:31 Thomas Hoffmann (Speed4Trade GmbH)
> <thomas.hoffm...@speed4trade.com.invalid> wrote:
>
> Hello,
>
> -----Ursprüngliche Nachricht-----
> Von: Kevin Huntly <kmhun...@gmail.com>
> Gesendet: Samstag, 8. April 2023 19:40
> An: users@tomcat.apache.org
> Betreff: just wondering.. encryption in context.xml?
>
> is there currently a method for encrypting or otherwise obfuscating
>
> passwords
>
> (like for MySQL) in the context.mxl
> ________________________________________________
>
> Kevin Huntly
> Email: kmhun...@gmail.com
> Cell: 716/424-3311
> ________________________________________________
>
>
> You might use environment variables or java system properties.
> If someone has access to your context.xml, then your server is compromised
> anyway.
>
> Greetings,
> Thomas
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>

Re: just wondering.. encryption in context.xml?

Reply via email to