On 8/14/2014 8:33 AM, Mark Thomas wrote:
> On 14/08/2014 15:10, George Sexton wrote:
>> graph.
>> Can you help me understand why tomcat doesn't take the approach of
>> Apache httpd which is to ask the user for the decryption key at startup
>> time?
> Because it is largely a waste of time. Anyone with root on the box can
> do a heap dump and retrieve the actual key or the password used to
> protect the key. Much simpler just to not bother with a password and
> configure the key file so only root and the Tomcat user can read it.
> Same ends, simpler means.

The issue with root makes sense. Thanks for explaining it to me.

The case I see it being an improvement is where there's a defect in the web server that makes the file available to the uid the tomcat process runs under.

Using tomcat as an example, say there were some directory traversal bug that would make the file available. Using httpd as an example, say there were some stack overflow bug in PHP that could be exploited.


> Mark



--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
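
Added example, not part of the original thread: a shell check for the configuration suggested in the quoted reply, a key file that only root and the Tomcat user can read. The owner and group names passed in, the script name, and the dependency on GNU `stat` are assumptions.

```bash
#!/bin/sh
# Added example (not from the thread): audit a private-key or keystore file
# against "only root and the Tomcat user can read it". Assumes GNU stat.
# Usage: audit_key_file PATH EXPECTED_OWNER EXPECTED_GROUP
audit_key_file() (
    path=$1; want_owner=$2; want_group=$3; rc=0

    # A symlink could be repointed; require the real file.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path is not a regular file"
        exit 2
    fi

    mode=$(stat -c '%a' -- "$path")
    owner=$(stat -c '%U' -- "$path")
    group=$(stat -c '%G' -- "$path")
    dirmode=$(stat -c '%a' -- "$(dirname -- "$path")")

    # Any bit for "other" lets every local account read or replace the key.
    if [ $(( 0$mode & 0007 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants access to other users"; rc=1
    fi
    # The service group needs read only (e.g. root:tomcat 0640).
    if [ $(( 0$mode & 0030 )) -ne 0 ]; then
        echo "FAIL: mode $mode lets the group write or execute"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    # A group- or world-writable parent directory allows the file to be swapped.
    if [ $(( 0$dirmode & 0022 )) -ne 0 ]; then
        echo "FAIL: parent directory mode $dirmode is writable by group/other"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $path ($owner:$group $mode)"
    exit "$rc"
)

# Run as a script: ./audit_key.sh /path/to/key root tomcat  (constructed names)
if [ "$#" -eq 3 ]; then
    audit_key_file "$@"
fi
```

A pass confirms the file-permission setup only; it says nothing about the case raised in the reply, where a defect lets the Tomcat uid itself expose the file.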
