ssl without keystorePass in open text in server.xml

2014-01-30 Thread Ja kub
Is it possible not to write keystorePass in open text in server.xml, and make
Tomcat ask for it at startup?
Or specify only some hash of it (rather not possible)?

BR
J.


Re: ssl without keystorePass in open text in server.xml

2014-01-30 Thread Mark Thomas
On 30/01/2014 09:46, Ja kub wrote:
> is it possible not to write keystorePass in open text server.xml, and make
> tomcat to ask for it at startup ?
> or specify only some hash of it (rather not possible) ?

http://wiki.apache.org/tomcat/FAQ/Password

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ssl without keystorePass in open text in server.xml

2014-01-30 Thread Арсений Зинченко
Why are plain text passwords in the config files? Because there is no good
way to secure them. When Tomcat needs to connect to a database, it needs
the original password. While the password could be encoded, there still
needs to be a mechanism to decode it. And since the source to Tomcat is
freely available, the attacker would know the decoding method. So at best,
the password is obscured - but not really protected.

http://wiki.apache.org/tomcat/FAQ/Password


2014/1/30 Mark Thomas ma...@apache.org

> On 30/01/2014 09:46, Ja kub wrote:
> > is it possible not to write keystorePass in open text server.xml, and make
> > tomcat to ask for it at startup ?
> > or specify only some hash of it (rather not possible) ?
>
> http://wiki.apache.org/tomcat/FAQ/Password
>
> Mark

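
Added example, not part of the original thread and not Tomcat project code: because the keystore password has to stay recoverable, the practical control is who can read server.xml. This sketch lists the Connector elements that carry a keystorePass attribute and reports whether group or other users can read the file. The sample server.xml, keystore path and password are constructed values, and the function names are hypothetical.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; the keystore path and password are made-up values.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="conf/example.jks" keystorePass="example-only"/>
  </Service>
</Server>
"""

def audit_server_xml(path):
    """Return (ports, exposed): ports of Connectors that carry a keystorePass
    attribute, and whether group or other users can read the file."""
    root = ET.parse(path).getroot()
    ports = [c.get("port") for c in root.iter("Connector")
             if c.get("keystorePass") is not None]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return ports, exposed

def demo():
    """Audit the sample at mode 0644, then again after tightening to 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "server.xml")
        with open(path, "w") as f:
            f.write(SAMPLE_SERVER_XML)
        os.chmod(path, 0o644)
        before = audit_server_xml(path)
        os.chmod(path, 0o600)
        after = audit_server_xml(path)
    return before, after

if __name__ == "__main__":
    (ports, exposed), (_, exposed_after) = demo()
    print("connectors with keystorePass:", ports)
    print("readable by group/other at 0644:", exposed)
    print("readable by group/other at 0600:", exposed_after)
```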