Mark Thomas wrote:
On 14/08/2014 15:46, George Sexton wrote:
On 8/14/2014 8:33 AM, Mark Thomas wrote:
On 14/08/2014 15:10, George Sexton wrote:
graph.
Can you help me understand why tomcat doesn't take the approach of
Apache httpd which is to ask the user for the decryption key at startup
time?
Because it is largely a waste of time. Anyone with root on the box can
do a heap dump and retrieve the actual key or the password used to
protect the key. Much simpler just to not bother with a password and
configure the key file so only root and the Tomcat user can read it.
Same ends, simpler means.
The issue with root makes sense. Thanks for explaining it to me.

The case I see it being an improvement is where there's a defect in the
web server that makes the file available to the uid the tomcat process
runs under.

Using tomcat as an example, say there were some directory traversal bug
that would make the file available. Using httpd as an example, say there
were some stack overflow bug in PHP that could be exploited.

With httpd that attack wouldn't work as the worker processes run as a
different user to the main process which runs as root. Only the main
process can read the key file.

In Tomcat I think (but have never tested) that Commons Daemon can do a
similar thing. It starts as root, reads the keystore and then drops to
non-root. The problem with that is that if the connector needs to be
restarted you have to restart the entire process.

A similar issue with restarting the connector exists with the 'enter the
password on the command line' solution.

To look at it another way, I don't think the benefit is worth the effort
necessary to implement it.

<advert>
I believe Pivotal's (my employer) tc Server product which is based on
Tomcat does offer an enter the password on start-up option of some form.
</advert>


In which cases, humans being humans, the password probably ends up on a Post-It stuck on the console.
