There is a plugin for TC 3.3.x to force prompting for the keystore password. Largely due to lack of user interest, nobody has really tried porting it to TC 4.x-5.x.
"Mark W. Webb" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I can't believe that passwords for SSL are stored in the clear. That > places all responsibility of security to the OS, which may not be a good > idea. What happened to defense-in-depth ?? > > Nathan McMinn wrote: > > >When was the last time Tomcat had a published exploit? > > > >On a related note, these kind of "contests" are fairly common, and usually > >don't produce any kind of real activity. > > > >--Nathan > > > >----- Original Message ----- > >From: "Eugene Lee" <[EMAIL PROTECTED]> > >To: "Tomcat Users List" <[EMAIL PROTECTED]> > >Sent: Thursday, July 03, 2003 10:51 AM > >Subject: Tomcat security? > > > > > > > > > >>Anyone want to discuss hardening Tomcat servers? > >> > >>Hacking Contest Threatens Web Sites > >> > >>By George V. Hulme, InformationWeek > >>Updated Wednesday, July 2, 2003, 3:00 PM EDT > >> > >>A hacking contest slated for this weekend could produce a rash > >>of Web-site defacements worldwide, according to a warning issued > >>Wednesday by security companies and government Internet security > >>groups. The hacker defacement contest is expected to kick off > >>on Sunday. The contest supposedly will award free hosting > >>services, Web mail, unlimited E-mail forwarding, and a domain > >>name of choice for the triumphant hackers, according to a Web > >>site promoting the contest. > >> > >>... > >> > >>More details at: > >> > >>http://www.internetweek.com/story/showArticle.jhtml?articleID=10818014 > >> > >> > >>-- > >>Eugene Lee > >>http://www.coxar.pwp.blueyonder.co.uk/ > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
