Posted to users@tomcat.apache.org by Chapoor Chapoor <ch...@gmail.com> on 2005/11/21 14:13:41 UTC
where to store SECURITY key
Hi,
I'm about to set up a web application running Tomcat.
The application will handle simple user account information, etc.
Some data will need to be encrypted before storing it into a database.
I will use AES for encryption/decryption.
A "password" will be used as a phrase/key.
Now where can I store this key? and still have "good" security.
I don't want to store it on disk. I'm thinking of having it only in memory.
I'm thinking of giving the password each time Tomcat is started.
How do you force Tomcat to ask for a password during startup?
How do you avoid memory swapping? And is there any risk that the password is removed from memory even though Tomcat is running? How to avoid this?
Do you have better solutions?
Please advise,
Great thanks,
Chapoor
Re: where to store SECURITY key
Posted by Mark Thomas <ma...@apache.org>.
Chapoor Chapoor wrote:
> Now where can I store this key? and still have "good" security.
Good is a relative term. You need to do a threat assessment to
identify your threats and then mitigate them until the risk level
reaches an acceptable level. I would be *very* surprised if this
included not having the password on disk.
> I don't want to store it on disk. I'm thinking of having it only in memory.
>
> I'm thinking of giving the password each time Tomcat is started.
> How do you force Tomcat to ask for a password during startup?
Doesn't do this out of the box. You need to write some custom code
either in your app or to modify Tomcat directly.
> How do you avoid memory swapping?
With great difficulty.
> And is there any risk that the password is removed from
> memory even though Tomcat is running? How to avoid this?
Yes but a very low one. Avoiding it is really difficult.
> Do you have better solutions?
You seem to be trying to mitigate against the risk of an unauthorised
user gaining access to the Tomcat box and reading the password off the
disk. If an attacker has access to the box you have much bigger
problems. They could, for example,
- replace your webapp with one that emailed them every piece of data
that your webapp encrypts
- trash your box
- in fact, pretty much whatever they like
Fundamentally you seem to have a very narrow view of your threats and
are missing some which are much bigger and much easier for an attacker
to implement. BTW, if your app requires 24x7 availability you will
need at least 5 people who know the pass-phrase.
Mark
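
The "custom code in your app" mentioned in the reply could take the form of a servlet context listener that prompts on the console while the webapp starts; the following is an added example, not code from this thread or from Tomcat. The class name, the `kdfSaltBase64` init-param, the PBKDF2 iteration count and the `jakarta.servlet` package (older Tomcat versions use `javax.servlet`) are assumptions, and the listener does nothing to stop the JVM heap from being swapped to disk.

```java
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
import jakarta.servlet.annotation.WebListener;
import java.io.Console;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical listener: asks for the passphrase while the webapp starts.
@WebListener
public class KeyPromptListener implements ServletContextListener {
    private static volatile SecretKey aesKey;   // held in memory only, never written to disk
    public static SecretKey key() {
        if (aesKey == null) throw new IllegalStateException("key not loaded");
        return aesKey;
    }

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // The salt is not secret; it is read from a context init-param (assumed name).
        String saltB64 = sce.getServletContext().getInitParameter("kdfSaltBase64");
        Console console = System.console();
        // No console exists when Tomcat runs as a service or daemon: fail the context start.
        if (console == null || saltB64 == null)
            throw new IllegalStateException("need an interactive console and kdfSaltBase64");
        char[] pass = console.readPassword("AES passphrase: ");
        if (pass == null || pass.length == 0) throw new IllegalStateException("empty passphrase");
        PBEKeySpec spec = new PBEKeySpec(pass, Base64.getDecoder().decode(saltB64), 600_000, 256);
        try {
            byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                         .generateSecret(spec).getEncoded();
            aesKey = new SecretKeySpec(raw, "AES");   // SecretKeySpec copies the bytes
            Arrays.fill(raw, (byte) 0);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("key derivation failed", e);
        } finally {
            spec.clearPassword();
            Arrays.fill(pass, '\0');   // best effort; the JVM may hold other copies
        }
    }
    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        aesKey = null;   // drop the reference when the webapp stops
    }
}
```

Because the listener throws when no console is attached, the webapp refuses to start unattended, which is the availability cost the reply points out.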