Re: How to hide the keystorePass at the server.xml

2006-06-02 Thread David Wall
Leon Rosenberg wrote: On 6/2/06, Bill Barker <[EMAIL PROTECTED]> wrote: TC 3.3.x had an optional module to do this. It never got ported. I generally agree with most of the people that say that this is the least of your problems. If you are using a self-signed cert, then you are just getti

Re: How to hide the keystorePass at the server.xml

2006-06-02 Thread Leon Rosenberg
On 6/2/06, Bill Barker <[EMAIL PROTECTED]> wrote: TC 3.3.x had an optional module to do this. It never got ported. I generally agree with most of the people that say that this is the least of your problems. If you are using a self-signed cert, then you are just getting what you deserve. Othe

Re: How to hide the keystorePass at the server.xml

2006-06-02 Thread Bill Barker
TC 3.3.x had an optional module to do this. It never got ported. I generally agree with most of the people that say that this is the least of your problems. If you are using a self-signed cert, then you are just getting what you deserve. Otherwise, you simply contact the CA and revoke the c

RE: How to hide the keystorePass at the server.xml

2006-05-31 Thread Peter Crowther
> From: David Wall [mailto:[EMAIL PROTECTED] > What's the downside if someone who > has access to your filesystem has access to the SSL cert > keystore? They > can remove and install certs, but I could do that anyway by > putting in a > new keystore. Somehow they'd need to take your keystor

Re: How to hide the keystorePass at the server.xml

2006-05-31 Thread David Wall
Hi Eric: I am sorry. I am a beginner of Tomcat. How does it work? Has the current Tomcat already been doing that? Is it just put an encrypted keystore password at the server.xml? or don't even mention any keystore password at the server.xml at all? Regards Dickson I don't think TC does thi

Re: How to hide the keystorePass at the server.xml

2006-05-31 Thread David Wall
No, you just have the keystore encrypted with a password and _don't_ specify it in the config file. Then when tomcat starts up, and can't open the keystore w/o a password, it knows it has to ask for it, but it isn't stored anywhere on the machine. That's what apache httpd does if the c

RE: How to hide the keystorePass at the server.xml

2006-05-31 Thread Dickson Lam (dilam)
ssage- From: Eric Haszlakiewicz [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 31, 2006 9:46 AM To: Tomcat Users List Cc: David Wall Subject: Re: How to hide the keystorePass at the server.xml On Tue, May 30, 2006 at 04:46:42PM -0700, David Wall wrote: > A possible sounding solution would be to hav

Re: How to hide the keystorePass at the server.xml

2006-05-31 Thread Eric Haszlakiewicz
On Tue, May 30, 2006 at 04:46:42PM -0700, David Wall wrote: > A possible sounding solution would be to have tomcat start in a > protected mode that requires an admin connect and enter a password > before TC would allow the webapps to load. But even this would require > that TC be configured to

Re: How to hide the keystorePass at the server.xml

2006-05-30 Thread David Wall
Shankar Unni wrote: Robert Harper wrote: One thing to think of is that if you have to do that to protect it, then everything else on that system is suspect. Yeah, yeah. I used to use this argument a lot, too. But that's like saying: if your harness isn't secure, then why bother with an add

Re: How to hide the keystorePass at the server.xml

2006-05-30 Thread Shankar Unni
Robert Harper wrote: One thing to think of is that if you have to do that to protect it, then everything else on that system is suspect. Yeah, yeah. I used to use this argument a lot, too. But that's like saying: if your harness isn't secure, then why bother with an additional safety net bel

RE: How to hide the keystorePass at the server.xml

2006-05-30 Thread Robert Harper
config files, they can also get at the user database and user information. Robert S. Harper Information Access Technology, Inc. -Original Message- From: Dickson Lam (dilam) [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 30, 2006 2:20 PM To: users@tomcat.apache.org Subject: How to hide the

How to hide the keystorePass at the server.xml

2006-05-30 Thread Dickson Lam (dilam)
Hi, I am using Tomcat 5.5.16 Windows version. When I configure Tomcat to use SSL, I need to put the "keystorePass" password on the Tomcat server.xml file which is in plain text format. Is there any way I can hide the keystore password from the server.xml? or configure Tomcat to read in an encry