I have seen some architectures where machine certificates are used to gain access to a directory service to access resource information such as passwords to a keystore. The different solutions to the same core problem don't really give a lot of protection, but each has its benefits. If
You could of course store it in LDAP but then you are faced with how do you limit access to the LDAP tree. You could of course use a machine cert, and base access on certs to the LDAP tree. I have seen implementations that on start up the credentials are obtained from LDAP and cached. Access
Entering the password on the command line could be an option if you choose the Java Invocation API. I have done this in the past and it has worked really well.
On 4/25/05, john bart [EMAIL PROTECTED] wrote:
Hello to all the list. I need some advice on where to store the keystore's password.
Is there something like Windows' DPAPI in the Unix world (Solaris, Linux, etc.)?
From: Michael Howard [EMAIL PROTECTED]
To: john bart [EMAIL PROTECTED],[EMAIL PROTECTED],SC-L@securecoding.org,[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: Java keystore password storage