Chris, Microsoft seems to have a good solution for that. The 'keys' are associated with a specific domain account... What do you think: http://msdn2.microsoft.com/en-us/library/ms995355.aspx
Thank you!

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]]
Sent: Friday, 17 August 2007 15:17
To: Tomcat Users List
Subject: Re: RES: Context.xml file

Marcus,

Milanez, Marcus wrote:
> Regarding that, I came across an implementation suggestion which seems
> to be valid, but still seems to have security issues. What do you think?
> Take a look at http://wldj.sys-con.com/read/393364.htm

Wow, what a miserably useless article. Tomcat as a reference implementation is not meant to be used in production? Sounds like BEA FUD or something like that.

You have identified the source of the problem: the application server actually needs access to the production database. You simply can't get around this. If a hacker compromises your application server, they will have access to your database.

The only way to prevent that from happening is to have Tomcat ask you to enter the database credentials at container startup (or app deployment) from the console. No reasonable system administrator is going to stand for that crap, because it means that if your container needs to be restarted (or the server reboots) or you need to re-deploy the application, your app is totally down until someone types in the magic incantation to get your application attached to the database.

If you encrypt the credentials in the server.xml file, you have to store the encryption key somewhere the code can access it. You have simply moved the problem. You can move it many, many times, but you won't get any more secure.
-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
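One way to implement the "encrypt the password in context.xml" approach the thread argues about, as an added example that is not from this thread or from Tomcat: a JNDI ObjectFactory that decrypts an AES-GCM-encrypted password attribute with a key file and hands the plaintext Reference to Tomcat's org.apache.tomcat.jdbc.pool.DataSourceFactory. The class name, the key file path under conf/, and the base64(IV || ciphertext+tag) layout are assumptions; the permission check on the key file is the one control left to the defender, because the Tomcat process, and anything that runs as its user, must be able to read that key, which is exactly Chris's point (the Windows DPAPI scheme Marcus links ties the key to the account instead of to a file).

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.naming.*;
import javax.naming.spi.ObjectFactory;

// Hypothetical factory; referenced from a <Resource ... factory="DecryptingDataSourceFactory"/>
public class DecryptingDataSourceFactory implements ObjectFactory {
    // Assumed location of the 32-byte AES key, readable only by the Tomcat user.
    private static final Path KEY_FILE =
        Paths.get(System.getProperty("catalina.base"), "conf", "dbkey.bin");

    @Override
    public Object getObjectInstance(Object obj, Name name, Context ctx,
                                    Hashtable<?, ?> env) throws Exception {
        Reference ref = (Reference) obj;
        if (ref.get("password") == null) throw new NamingException("no password attribute");
        byte[] key = loadKey();
        // Copy the Reference, swapping the ciphertext for plaintext, then let
        // Tomcat's own factory build the pool exactly as it would have anyway.
        Reference plain = new Reference(ref.getClassName());
        for (int i = 0; i < ref.size(); i++) {
            RefAddr a = ref.get(i);
            plain.add("password".equals(a.getType())
                ? new StringRefAddr("password", decrypt((String) a.getContent(), key)) : a);
        }
        return new org.apache.tomcat.jdbc.pool.DataSourceFactory()
            .getObjectInstance(plain, name, ctx, env);
    }

    // The key must be readable by this process, so the only control left is to make
    // sure nobody else on the host can read it (mode 0600 or tighter; POSIX hosts only).
    static byte[] loadKey() throws Exception {
        Set<PosixFilePermission> p = Files.getPosixFilePermissions(KEY_FILE);
        if (p.contains(PosixFilePermission.GROUP_READ) || p.contains(PosixFilePermission.OTHERS_READ))
            throw new SecurityException(KEY_FILE + " is readable by other users; refusing to start");
        return Files.readAllBytes(KEY_FILE);
    }

    // Expected attribute layout (assumed): base64( 12-byte IV || AES-GCM ciphertext+tag ).
    static String decrypt(String b64, byte[] key) throws Exception {
        byte[] blob = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
}
```

Anyone who can read dbkey.bin and context.xml can run decrypt() themselves, so this protects only against a casual read of the config file, not against a compromise of the server or its service account.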