On 8/27/2010 9:02 AM, Wesley Acheson wrote:

...

I've been giving this whole issue a lot of thought, and not just now
but for months now. I was wondering if the following was possible in
theory: when Tomcat is started up, it prompts for the password?
Wouldn't that help with the whole smoke and mirrors situation?

If you can always be sure somebody is available when Tomcat is restarted, I would think that would work to prevent having any clear-text passwords on disk anywhere. It would be really easy to have a single web page where the administrator could go to enter the password after a restart, and there are some checks you could do to help make that fairly secure (i.e. if the password has already been entered, don't allow anybody to enter it again, etc).

Essentially you'd be trading possible downtime for a little more security, but only you can make the decision as to whether that's an appropriate tradeoff for your app.

D
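
The "entered once, then locked" check described in the reply above, as an added example that is not part of the original message and not Tomcat's own code. The class name `StartupSecret` and its methods `offer`, `await` and `isUnlocked` are hypothetical; the admin page's POST handler is assumed to call `offer`, and whatever needs the password (for instance a DataSource factory) is assumed to call `await`.

```java
import java.util.Arrays;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;

/** Hypothetical holder for a password typed in after startup; accepts exactly one entry. */
public final class StartupSecret {
    private final AtomicReference<char[]> secret = new AtomicReference<>();
    private final CountDownLatch unlocked = new CountDownLatch(1);

    /** Called by the admin page. Returns false if a password was already entered. */
    public boolean offer(char[] entered) {
        if (entered == null || entered.length == 0) {
            return false;
        }
        char[] copy = entered.clone();
        // compareAndSet makes the "already entered?" check and the store one atomic
        // step, so two simultaneous submissions cannot both succeed.
        boolean accepted = secret.compareAndSet(null, copy);
        if (accepted) {
            unlocked.countDown();      // release anything waiting on the password
        } else {
            Arrays.fill(copy, '\0');   // discard the rejected attempt
        }
        Arrays.fill(entered, '\0');    // wipe the caller's buffer either way
        return accepted;
    }

    /** Blocks until the password has been entered, or fails after the timeout. */
    public char[] await(long timeout, TimeUnit unit) throws InterruptedException {
        if (!unlocked.await(timeout, unit)) {
            throw new IllegalStateException("password has not been entered yet");
        }
        return secret.get().clone();   // hand out a copy, keep the original private
    }

    public boolean isUnlocked() {
        return unlocked.getCount() == 0;
    }

    public static void main(String[] args) throws Exception {
        StartupSecret s = new StartupSecret();
        // Constructed sample values, not real credentials.
        System.out.println("first entry accepted:  " + s.offer("constructed-sample".toCharArray()));
        System.out.println("second entry accepted: " + s.offer("later-attempt".toCharArray()));
        System.out.println("held value: " + new String(s.await(1, TimeUnit.SECONDS)));
    }
}
```

Until `isUnlocked()` returns true the application cannot reach its backend, which is the downtime side of the tradeoff the reply mentions.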
