On Fri, 2010-08-27 at 17:53 -0400, Christopher Schultz wrote:
> Vijay,
>
> On 8/27/2010 5:41 AM, Vijay wrote:
> > I am looking for a way to use only encrypted passwords.
>
> Cool. How are you going to do that?
>
> > I am looking to write a wrapper class that decrypts the password passed as
> > an environment variable to tomcat, and then sets the system property
> > javax.net.ssl.keyStorePassword inside the JVM itself.
> >
> > Something in the lines of :
> >
> > public class WrapperTomcatBootstrap {
> >
> >     public static void main(String args[]) {
> >         String encryptedKeystorePassword =
> >             System.getenv("ENCRYPTED_KEYSTORE_PASSWORD");
>
> Uh... the environment isn't safe, either. How will you protect the
> environment?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

I've implemented something similar myself. It's far from being secure enough for production environments, but... it works. I'm using it just to encrypt the connection pooling password.

Actually, I subclassed the org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory, implementing my own class that simply picks username/password/url and replaces them in memory using a supplied password.

...but...

So far, I wasn't able to implement an internal password input. Actually, I pass it to the class using an external file (shredded after being read), but this is really far from being secure, as the file exists on disk for a split second.

Using environment or (worse) cmdline parameters is surely avoidable, as they are both available in /proc after the startup.

Moreover, the Datasource structure is fully _clear text_ exposed using JMX, allowing anyone who has the right permission to get it in clear text.

You should also keep in mind what someone just pointed out in the previous messages: startup/restart could not be unattended. I use SMF on Solaris to keep tomcat up & running in an unattended manner, but this new method forces me to avoid SMF, leading to greater "per-node" downtime.

I'm working to secure this, but... it's not too easy (and I'm surely not a skilled programmer...).

But I hope this topic will be kept up!

Thanks for sharing.

Luca Gervasi
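The /proc exposure raised in the message above can be checked from the defender's side. The following is an added example, not part of the original thread: it audits a process's `environ` and `cmdline` for secret-looking names such as `ENCRYPTED_KEYSTORE_PASSWORD` or `-Djavax.net.ssl.keyStorePassword`. It assumes the Linux /proc layout (NUL-separated entries); the name pattern, function names and sample bytes are constructed for illustration.

```python
import re
from pathlib import Path

# Names that suggest a secret. The pattern is an assumption: tune it per site.
# "passw" (not "pass") avoids flagging CLASSPATH / -classpath on a JVM.
SECRET_NAME = re.compile(r"passw|passphrase|secret|token|credential", re.IGNORECASE)


def split_nul(raw: bytes) -> list[str]:
    """Split a NUL-separated /proc blob (environ or cmdline) into strings."""
    return [p.decode("utf-8", "replace") for p in raw.split(b"\0") if p]


def audit(environ: bytes, cmdline: bytes) -> list[tuple[str, str]]:
    """Return (source, name) pairs for secret-looking NAME=value entries.

    Only names are reported, so the audit output never repeats the secret.
    Handles VAR=value in environ and -Dprop=value / --opt=value in cmdline.
    """
    findings = []
    for source, raw in (("environ", environ), ("cmdline", cmdline)):
        for entry in split_nul(raw):
            name, sep, value = entry.partition("=")
            if sep and value and SECRET_NAME.search(name):
                findings.append((source, name))
    return findings


def audit_pid(pid: int) -> list[tuple[str, str]]:
    """Audit a live process; needs permission to read /proc/<pid>/environ."""
    proc = Path("/proc") / str(pid)
    return audit((proc / "environ").read_bytes(), (proc / "cmdline").read_bytes())


# Constructed sample data, shaped like a JVM started through the wrapper class.
SAMPLE_ENVIRON = (b"JAVA_HOME=/opt/java\0CLASSPATH=/opt/tomcat/bin\0"
                  b"ENCRYPTED_KEYSTORE_PASSWORD=c2FtcGxl\0")
SAMPLE_CMDLINE = (b"/opt/java/bin/java\0-Djavax.net.ssl.keyStorePassword=changeit\0"
                  b"-classpath\0bootstrap.jar\0WrapperTomcatBootstrap\0")

if __name__ == "__main__":
    for source, name in audit(SAMPLE_ENVIRON, SAMPLE_CMDLINE):
        print(f"{source}: {name} is readable via /proc")
```

Run `audit_pid()` against the Tomcat PID as the same user, or as root, to see what any other process with that access can read for the lifetime of the JVM.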