Question about non-default keystore passwords

["James H. H. Lampert" <ja...@touchtonecorp.com>]

Up until the situation prompting my "P7B" thread this week, I hadn't 
bothered with non-default passwords, given that they then have to be 
inserted into the server.xml file in order for them to work.

Have I missed something (I'm sure I've missed a great deal.) Is there a 
way to use a non-default password *without* having to put the password 
in server.xml, for anybody with command-line access to the system to see it?

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Question about non-default keystore passwords

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: James H. H. Lampert [mailto:jamesl@touchtonecorp.com] 
> Subject: Question about non-default keystore passwords

> Is there a way to use a non-default password *without* having to put 
> the password in server.xml, for anybody with command-line access to 
> the system to see it?

If you're allowing unprivileged users to have access to the Tomcat configuration files, you have much, much bigger problems than them stumbling across the keystore password.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Question about non-default keystore passwords

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 9/13/13 5:38 PM, James H. H. Lampert wrote:
> Up until the situation prompting my "P7B" thread this week, I
> hadn't bothered with non-default passwords, given that they then
> have to be inserted into the server.xml file in order for them to
> work.

Wait, you mean you realize that a) the default password is dumb and b)
you are putting it into server.xml which Tomcat must be able to read
and c) the confluence of the two means that a 5up3r_S3kr1t password is
press much useless?

How refreshing. Thanks for being a sane administrator. Honestly.

> Have I missed something (I'm sure I've missed a great deal.) Is
> there a way to use a non-default password *without* having to put
> the password in server.xml, for anybody with command-line access to
> the system to see it?

Nope.

http://wiki.apache.org/tomcat/FAQ/Password

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSM4aZAAoJEBzwKT+lPKRYsrcQAIa4QYIiC2kcmOELc5lRLc4m
ctkpozRevqWQ59toNIA6L44gVd44UtGJMSEeU9iEUmJjNZrQOwVmifd+DIU/J3Wi
V6XgYoL3U5RSjE/eM4mjsHg4+HqTUvdaCVKmM7mdq+KaWocAW3eA9hr24fdUzAn4
Pe8Ms8XsFcQgY5qwg9y/03OIOH4L73LDhVsfVwP5xY388us4bRdXXUIckuGQ7Xsi
Vt6tAd9jTV0i9HD7fO0cm1cRZwJj7rB/reV2DcpVj/E7mCAWfwyXuoE3pC4w9woG
NkjGyj0kKTd8ggUR6YyK9lBPYdC5nB7SR5A0jKACyScJjOlGjLuQaqyzuEXlp0P6
wkToppOi6uyAMMCA4IXUiBGyRVwTMlMkSvPk4ZE74axU3B0RwHxbAO5nhIQdoDZ4
HScQ8cOD5WnFwg1i4d+vIaAzPXK/9Xut6fWzh3IuajRq+BxGpQVGQib0OH+X8rX+
luP6evkBltyHxwUjcVMPXQ5ZWjoL5U5A8yAzTCi+MROKzub2v84Afarz5Z88DXKg
w9ZuHMW3is5SG8F2GW+pSXtcj8wxeP+GSYYCppkrXEmpBW+LZhcWMH9USm2nEFDJ
bdZu77+i8LU25miT/BxxffWOfE5xccbJ7zushTOz1UfMFfmRHyS3LlYl4xoD7GI0
EIMzotSYI9pmxRRurClS
=lQnA
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org