No prob, good luck.
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 1:21 PM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
thanks for your time Justin - I will look into this - T
-Original Message-
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 18:17
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
Well, right, but if you were to inherit from the realm that you wanted to
have MD5 to store your
passwords with.
Justin
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 1:13 PM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
Note - in reply to Justin - I don't have a multi-tier login
sions to server.xml
Thomas
-Original Message-
From: Bob Jacoby [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 17:10
To: [EMAIL PROTECTED]
Subject: RE: Security Hole - server.xml
I consider things like this. By encrypting the password I'm protecting against casual
learn
can be unencrypted (as the app server has to send the password to the DB) -
so you just slow someone down, but if they have some brains will get through
eventually.
Greg
>
> thanks
>
> Thomas
>
> -Original Message-
> From: Tim Funk [mailto:[EMAIL PROTECTED]
> Sent: 26 November 2003 13:51
> To: Tomcat Users List
> Subject: Re: Security Hole - server.xml
>
>
> The username and password still need decrypted at some time.
> It just makes
> the attacker jump through 1 hoop.
>
The link below is for users logging-in (FORM or BASIC). Not for database
connections.
-Tim
[EMAIL PROTECTED] wrote:
A direct question arising from a security review :-
Using a datasource it is possible to remove the 'username',
'password' or at least encrypt them using something like MD5
The
> A direct question arising from a security review :-
>
> Using a datasource it is possible to remove the 'username',
> 'password' or at least encrypt them using something like MD5
The Password can be digested. See
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Digested%20Pa
ustin
-Original Message-
From: Curley, Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:53 AM
To: Tomcat Users List
Subject: RE: Security Hole - server.xml
I'd feel more secure with an MD5 or SHA1 encrypted user and password than relying on
unix file level sec
hat happens if a hacker gets root
> priv's ?
>
> thanks
>
> Thomas
>
> -Original Message-
> From: Tim Funk [mailto:[EMAIL PROTECTED]
> Sent: 26 November 2003 13:51
> To: Tomcat Users List
> Subject: Re: Security Hole - server.xml
>
>
> The u
ssage-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: 26 November 2003 13:51
To: Tomcat Users List
Subject: Re: Security Hole - server.xml
The username and password still need decrypted at some time. It just makes
the attacker jump through 1 hoop.
Using file permissions on the config file as well and server security are the
ways to go.
-Tim
Curley, Thomas wrote:
Hi all,
A direct question arising from a security review :-
Usin