> -----Original Message----- > From: Pid [mailto:p...@pidster.com] > Sent: Friday, February 08, 2013 4:48 PM > To: Tomcat Users List > Subject: Re: Need to Specify keystorePass on Command Line > > On 08/02/2013 16:11, Caldarale, Charles R wrote: > >> From: Harris, Jeffrey E. [mailto:jeffrey.har...@mantech.com] > >> Subject: RE: Need to Specify keystorePass on Command Line > > > >> First, I cannot store the password ANYWHERE on the system, which is > >> why it needs to be entered on the command line. > > > > Then you can't run Tomcat as a service - there is no command line. > It's my understanding that all parameters for a service must be > available in the registry or elsewhere in the file system prior to > starting the service. > > > > Consider running Tomcat from the .bat scripts instead, in which case > you can pass arbitrary parameters, but you will need to do this from a > logged-in account. > > But bear in mind that setting the password as -Dblah=password may still > expose the password to other processes able to read the startup > parameters of that process. > > Which IMHO is less secure than putting the password in a file with > permissions such that only the Tomcat user can read it... > > > p > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender and > delete the e-mail and its attachments from all computers. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > -- > > [key:62590808] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
For our implementation, it does not matter whether another process can read the startup parameters - as long as the password is not stored in a file and disappears when the Tomcat's host server is shutdown. This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org