You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by 이재만 <le...@naver.com> on 2012/04/19 08:07:06 UTC
dbcp datasource encryption
hi there.
i am operating website on tomcat6 and tomcat7
and i used dbcp as datasource on tomcat7 so i want to encrypt dbcp datasource
how do i encrypt my dbcp datasource .. plase give me some samples.. thanks.
Re: dbcp datasource encryption
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Filip,
On 4/23/12 1:47 PM, Filip Hanik Mailing Lists wrote:
>> http://wiki.apache.org/tomcat/FAQ/Password
>>
>>
>> In short, no.
>>
>> Encrypting your database, database user, and database password
>> buys you virtually (and most people would say actually) nothing.
>
> "virtually nothing" is the opposite of what I would call it. What
> about compliance, this is HUGE for companies, and not to be
> discarded as an unimportant requirement
While it is viewed as an important requirement, there are really only
3 possible ways to fulfill it:
1. Enter the password at the command-prompt as the service starts (or
allow such credentials to be provided after start-up in some way).
This is the only one of these 3 possibilities that actually offers
any real security. Unfortunately, it's an operational impossibility.
Apache httpd has the same problem with server keys. See #3 for how
that is (stupidly and commonly) handled.
2. Use a de-obfuscator to recover your plaintext credentials from some
non-plain-text input (your suggestion, Filip). This just moves the
problem somewhere else. So, your server.xml (or, better,
context.xml) is clean but your context.xml.secret-stuff is suddenly
not clean because it contains the password for the password. Sure,
you pass an audit that is looking for something very specific, but
you don't buy yourself any real security. It's like requiring a
really good lock on a door when the window next to the door is
always wide open. Yep, that's a great-lookin' lock you got there...
you're definitely protected.
3. Remove the password completely. That is, use a password-less
credential. Sounds completely stupid, right? Well, having a
plaintext password is essentially the same thing, since who would
guess that the password is nothing, right? You'd have to have access
to the server.xml (or context.xml) to know that (unless you just
/tried/ it, of course). Your database ought to be locked-down
enough that you can't connect from just anywhere, so having
remove access to the server that connects to the database is just
as good as having access to the database, right?
This is how Apache httpd recommends that you *don't* set up your
web server's certificate keys. In my experience, *everybody* does
this: you make a password-less key and use that to start your
server. Just make sure you set permissions appropriately.
This is also not secure, but it's very practical: if someone
has access to your box, the game is over anyway. Having a
trivially-discovered password is as good as having no password.
> http://tomcat.markmail.org/thread/wmdu4e52y2msjzal
VMWare's documentation shows you how to do #2 above either with some
other credential (good luck protecting that one any better) or with no
credential (in the example of using Base64 encoding).
- From a requirements-complance perspective, yes, there's some utility
to not having a cleartext password in your configuration file. An
honest risk analysis will show that the case before and after such
obfuscation is identical: you are no more protected than when you
started. It's actually worse, because you *think* you are somehow
magically protected. The security checkboxes have all been checked.
We're secure, right? Drinks all around.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+VtIIACgkQ9CaO5/Lv0PB1ggCgtGxUz183qITETmSyZS7yW2JU
nDoAoJSFWQJvY3B5TGeJlAolohb0rxOg
=LfY/
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: dbcp datasource encryption
Posted by Filip Hanik Mailing Lists <de...@hanik.com>.
----- Original Message -----
>
> http://wiki.apache.org/tomcat/FAQ/Password
>
>
> In short, no.
>
> Encrypting your database, database user, and database password buys
> you virtually (and most people would say actually) nothing.
"virtually nothing" is the opposite of what I would call it. What about compliance, this is HUGE for companies, and not to be discarded as an unimportant requirement
http://tomcat.markmail.org/thread/wmdu4e52y2msjzal
If you wish to implement password obfuscator/deobfuscator yourself, you can set the
org.apache.tomcat.util.digester.PROPERTY_SOURCE system property to a class that deobfuscates your password for you
reference: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: dbcp datasource encryption
Posted by Mark Eggers <it...@yahoo.com>.
----- Original Message -----
> From: 이재만 <le...@naver.com>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Cc:
> Sent: Thursday, April 19, 2012 4:37 PM
> Subject: Re: dbcp datasource encryption
>
>t hanks..
>
>
>
> i want to encrypt password and database in my <Resource> element.
>
> please give me a some imformation about it.
>
>
>
>
> -----Original Message-----
> From: "Christopher
> Schultz"<chris@christopherschultz.net>
> To: "Tomcat Users List"<users@tomcat.apache.org>;
> Cc:
> Sent: 2012-04-20 (금) 01:14:54
> Subject: Re: dbcp datasource encryption
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> 이재만,
>
> On 4/19/12 2:07 AM, 이재만 wrote:
> > i am operating website on tomcat6 and tomcat7
> >
> > and i used dbcp as datasource on tomcat7 so i want to encrypt dbcp
> > datasource
> >
> > how do i encrypt my dbcp datasource .. plase give me some
> > samples.. thanks.
>
> It's not clear what you are trying to do:
>
> Are you trying to encrypt your data in the database?
> Are you trying to encrypt your connection to your database?
> Are you trying to encrypt the password to your database in your
> <Resource> element?
>
> - -chris
http://wiki.apache.org/tomcat/FAQ/Password
In short, no.
Encrypting your database, database user, and database password buys you virtually (and most people would say actually) nothing.
. . . . just my two cents.
/mde/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: dbcp datasource encryption
Posted by 이재만 <le...@naver.com>.
thanks..
i want to encrypt password and database in my <Resource> element.
please give me a some imformation about it.
-----Original Message-----
From: "Christopher Schultz"<chris@christopherschultz.net>
To: "Tomcat Users List"<users@tomcat.apache.org>;
Cc:
Sent: 2012-04-20 (금) 01:14:54
Subject: Re: dbcp datasource encryption
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
이재만,
On 4/19/12 2:07 AM, 이재만 wrote:
> i am operating website on tomcat6 and tomcat7
>
> and i used dbcp as datasource on tomcat7 so i want to encrypt dbcp
> datasource
>
> how do i encrypt my dbcp datasource .. plase give me some
> samples.. thanks.
It's not clear what you are trying to do:
Are you trying to encrypt your data in the database?
Are you trying to encrypt your connection to your database?
Are you trying to encrypt the password to your database in your
<Resource> element?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+QOf4ACgkQ9CaO5/Lv0PBHogCggb3wdvpiYMRQfkgs9vWJ9LA9
T7cAn0g31CA6PuT3dZOVdtFc2BYmVRZK
=ra9N
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: dbcp datasource encryption
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
이재만,
On 4/19/12 2:07 AM, 이재만 wrote:
> i am operating website on tomcat6 and tomcat7
>
> and i used dbcp as datasource on tomcat7 so i want to encrypt dbcp
> datasource
>
> how do i encrypt my dbcp datasource .. plase give me some
> samples.. thanks.
It's not clear what you are trying to do:
Are you trying to encrypt your data in the database?
Are you trying to encrypt your connection to your database?
Are you trying to encrypt the password to your database in your
<Resource> element?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk+QOf4ACgkQ9CaO5/Lv0PBHogCggb3wdvpiYMRQfkgs9vWJ9LA9
T7cAn0g31CA6PuT3dZOVdtFc2BYmVRZK
=ra9N
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: dbcp datasource encryption
Posted by "Osipov, Michael" <mi...@siemens.com>.
이재만 wrote:
> and i used dbcp as datasource on tomcat7 so i want to encrypt dbcp
> datasource
>
> how do i encrypt my dbcp datasource .. plase give me some samples..
> thanks.
This should probably go to the DBCP pool but you should evaluate SSL with your database.
With best regards,
Michael Osipov