Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread John Dale
This is a kind of funny (sorry) "battle of the bulge" problem. Malicious systems administrators (we assume everyone is guilty and it drives this kind of issue) will find the password to your database, and, ignoring everything else on the machine they just exploited, will go and query your

Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread Mark Thomas
On 16/09/2019 07:24, Olaf Kock wrote: > > On 16.09.19 06:05, Mohan T wrote: >> Hi, >> >> We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4. >> >> Is it possible to encrypt or mask passwords that are being used in the >> datasource for connecting to database. I am

Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread Olaf Kock
On 16.09.19 08:24, Olaf Kock wrote: > If someone has access to the old Wiki's information, it'd be a great > page to restore. > "Do you really want to send this mail?" - "Of course" - "so be it" - m( Facepalm: It takes the steps above to think of a way of accessing the old content: Here it is,

Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread Olaf Kock
On 16.09.19 06:05, Mohan T wrote: > Hi, > > We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4. > > Is it possible to encrypt or mask passwords that are being used in the > datasource for connecting to database. I am mentioning the credentials in > server.xml There used

RE: [tomcat-users] Password encryption in Tomcat 8.5.35

2019-09-15 Thread Jason Pyeron
om TPMs, Smart Cards, networked sources, etc. v/r, Jason Pyeron > -Original Message- > From: Mohan T > Sent: Monday, September 16, 2019 12:05 AM > To: users@tomcat.apache.org > Subject: [tomcat-users] Password encryption in Tomcat 8.5.35 > > Hi, > > We are u

Password encryption in Tomcat 8.5.35

2019-09-15 Thread Mohan T
Hi, We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4. Is it possible to encrypt or mask passwords that are being used in the datasource for connecting to database. I am mentioning the credentials in server.xml Thanks Mohan

Re: [OT] server.xml password encryption instead of plain text

2017-05-26 Thread Christopher Schultz
Harri, On 5/26/17 3:32 AM, Pesonen, Harri wrote: > It is possible to use Windows certificate store like this: > > keyAlias="..." keystoreFile="" keystoreType="Windows-My" > maxThreads="150" port="8443" >

Re: server.xml password encryption instead of plain text

2017-05-26 Thread tomcat
: server.xml password encryption instead of plain text I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (and thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustS

Re: server.xml password encryption instead of plain text

2017-05-26 Thread Dhaval Jaiswal
te in > Windows user's personal certificates. Then you don't need to enter password > at all. > > -Harri > > -Original Message- > From: John Palmer [mailto:johnpalm...@gmail.com] > Sent: 25 May 2017 17:01 > To: Tomcat Users List <users@tomcat.apache.org

RE: server.xml password encryption instead of plain text

2017-05-26 Thread Pesonen, Harri
...@gmail.com] Sent: 25 May 2017 17:01 To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: server.xml password encryption instead of plain text I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (a

Re: server.xml password encryption instead of plain text

2017-05-25 Thread Christopher Schultz
John, On 5/25/17 10:00 AM, John Palmer wrote: > On Thu, May 25, 2017 at 7:46 AM, Vidyadhar > wrote: > >> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal >> wrote: >> >>> How can we avoid defining

Re: server.xml password encryption instead of plain text

2017-05-25 Thread John Palmer
I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (and thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustStoreProvider=SunMSCAPI

Re: server.xml password encryption instead of plain text

2017-05-25 Thread Vidyadhar
On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal wrote: > How can we avoid defining plain text password in server.xml or is there a > way I can encrypt the password in server.xml. > There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password -- Regards,

server.xml password encryption instead of plain text

2017-05-25 Thread Dhaval Jaiswal
How can we avoid defining plain text password in server.xml or is there a way I can encrypt the password in server.xml.

Re: JKS keystore password Encryption

2014-08-15 Thread André Warnier
Mark Thomas wrote: On 14/08/2014 15:46, George Sexton wrote: On 8/14/2014 8:33 AM, Mark Thomas wrote: On 14/08/2014 15:10, George Sexton wrote: graph. Can you help me understand why tomcat doesn't take the approach of Apache httpd which is to ask the user for the decryption key at startup

Re: JKS keystore password Encryption

2014-08-14 Thread George Sexton
On 8/4/2014 8:17 AM, André Warnier wrote: Sanaullah wrote: Hi, is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? This kind of question comes regularly on this list, I would say 2 or 3 times each year. Searching the list archives

Re: JKS keystore password Encryption

2014-08-14 Thread Mark Thomas
On 14/08/2014 15:10, George Sexton wrote: On 8/4/2014 8:17 AM, André Warnier wrote: Sanaullah wrote: Hi, is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? This kind of question comes regularly on this list, I would say 2 or 3 times

Re: JKS keystore password Encryption

2014-08-14 Thread David kerber
On 8/14/2014 10:33 AM, Mark Thomas wrote: On 14/08/2014 15:10, George Sexton wrote: On 8/4/2014 8:17 AM, André Warnier wrote: Sanaullah wrote: Hi, is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? This kind of question comes regularly

Re: JKS keystore password Encryption

2014-08-14 Thread George Sexton
On 8/14/2014 8:33 AM, Mark Thomas wrote: On 14/08/2014 15:10, George Sexton wrote: graph. Can you help me understand why tomcat doesn't take the approach of Apache httpd which is to ask the user for the decryption key at startup time? Because it is largely a waste of time. Anyone with root on

Re: JKS keystore password Encryption

2014-08-14 Thread Mark Thomas
On 14/08/2014 15:46, George Sexton wrote: On 8/14/2014 8:33 AM, Mark Thomas wrote: On 14/08/2014 15:10, George Sexton wrote: graph. Can you help me understand why tomcat doesn't take the approach of Apache httpd which is to ask the user for the decryption key at startup time? Because it

Re: JKS keystore password Encryption

2014-08-05 Thread John Smith
You may find Wiki also useful: http://wiki.apache.org/tomcat/FAQ/Password -Ognjen Write your own datasource implementation which wraps your datasource and obscure your brains out (XOR http://en.wikipedia.org/wiki/XOR_cipher and ROT13 http://en.wikipedia.org/wiki/ROT13 are great

Re: JKS keystore password Encryption

2014-08-05 Thread Christopher Schultz
Sanaullah, On 8/4/14, 9:19 PM, Sanaullah wrote: Thanks to all. I was looking for something similar to this [1] which is implemented in JBoss. [1]

Re: JKS keystore password Encryption

2014-08-05 Thread Sanaullah
Hi Chris, I don't want to pass the audit. I am just curious why JBoss implemented that? And what's the purpose of SRP protocol implementation just to pass the audit? [1]

JKS keystore password Encryption

2014-08-04 Thread Sanaullah
Hi, is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? Regards, Sanaullah

Re: JKS keystore password Encryption

2014-08-04 Thread André Warnier
Sanaullah wrote: Hi, is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? This kind of question comes regularly on this list, I would say 2 or 3 times each year. Searching the list archives (mentioned in the superb on-line Tomcat

Re: JKS keystore password Encryption

2014-08-04 Thread Ulises González Horta
On Mon 04 Aug 2014 09:17:47 André Warnier wrote: And if someone non-authorized has access to Tomcat's server.xml, then you have bigger problems than a non-encrypted password. Maybe the best solution could be put the right permission to server.xml and do not give the root password to other

Re: JKS keystore password Encryption

2014-08-04 Thread Sanaullah
Thanks Andre and Ulises. I will also search the archive as well. Regards, Sanaullah On Mon, Aug 4, 2014 at 8:07 PM, Ulises González Horta ul...@ulinxonline.net wrote: On Mon 04 Aug 2014 09:17:47 André Warnier wrote: And if someone non-authorized has access to Tomcat's server.xml, then

Re: JKS keystore password Encryption

2014-08-04 Thread Christopher Schultz
Sanaullah, On 8/4/14, 9:43 AM, Sanaullah wrote: is there a way I can replace plain JKS keystore password with encrypted password in tomcat server.xml? http://wiki.apache.org/tomcat/FAQ/Password -chris

Re: JKS keystore password Encryption

2014-08-04 Thread Ognjen Blagojevic
Sanaullah, On 4.8.2014 17:26, Sanaullah wrote: I will also search the archive as well. You may find Wiki also useful: http://wiki.apache.org/tomcat/FAQ/Password -Ognjen

Re: JKS keystore password Encryption

2014-08-04 Thread Sanaullah
Thanks to all. I was looking for something similar to this [1] which is implemented in JBoss. [1] https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/Encrypting_The_Keystore_Password_In_Tomcat.html On Tue, Aug 5, 2014 at 3:43 AM, Ognjen

password encryption

2011-04-01 Thread Henry Lu
I tried the following command and failed as tomcat home directory: C:\apps\apache-tomcat-7.0.11>java -cp lib/catalina.jar;bin/tomcat-juli.jar org.apache.catalina.realm.RealmBase -a md5 henry Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/tomcat/util/res/StringManager

Re: password encryption

2011-04-01 Thread Paul Gifford
Do you have org.apache.tomcat.util.res.StringManager on your classpath? It's in tomcat-coyote.jar in my installation (6.0.18). Paul On Fri, Apr 1, 2011 at 10:47 AM, Henry Lu z...@umich.edu wrote: I tried the following command and failed as tomcat home directory:

Re: password encryption

2011-04-01 Thread Konstantin Kolinko
In Tomcat 7 you will need lib/tomcat-util.jar. The following works: java -cp bin/tomcat-juli.jar;lib/catalina.jar;lib/tomcat-util.jar org.apache.catalina.realm.RealmBase -a md5 foo I updated the docs: http://svn.apache.org/viewvc?rev=1087791&view=rev Best regards, Konstantin Kolinko 2011/4/1

Re: password encryption

2011-04-01 Thread Pid
On 01/04/2011 15:47, Henry Lu wrote: I tried the following command and failed as tomcat home directory: Please don't hijack threads. p

JNDI Realm and Password Encryption

2008-02-13 Thread Jeff Marendo
Hello, I'm using the JNDI realm and communicating with a Novell eDirectory (LDAP) server for authentication and authorization purposes. We're communicating on port 389, which is non-secure. I know the user ID and password is stored in plain text (within /conf/server.xml), but what I'm not sure

Re: JNDI Realm and Password Encryption

2008-02-13 Thread david delbecq
Sniffing protocol would probably give you an idea about this :) Jeff Marendo wrote: Hello, I'm using the JNDI realm and communicating with a Novell eDirectory (LDAP) server for authentication and authorization purposes. We're communicating on port 389, which is non-secure. I know the user

Password encryption for JNDI settings

2007-02-02 Thread Ravi116
Is there any way we can encrypt password for JNDI Data source in context.xml ? Ravi

Re: Password encryption for JNDI settings

2007-02-02 Thread Darren
Is there any way we can encrypt password for JNDI Data source in context.xml ? Ravi Take a look at the very final section in this article http://www.owasp.org/index.php/Securing_tomcat The short answer, no.

SHA password encryption problem using org.apache.catalina.realm.RealmBase

2006-11-28 Thread Alexandre Bosserelle
Dear all, I'm using Tomcat 5.5.9, Java 1.5.0 on a Red Hat Enterprise 4.4. According to this document http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html I tried to encrypt passwords, but I can't figure out why it is not working. I copied the class catalina.jar into /usr/share/java/