One thing to think of is that if you have to do that to protect it, then everything else on that system is suspect. You should have your settings so that the user cannot browse your computer and they can not get to that area. That will also secure the rest of your file system. If they can read the config files, they can also get at the user database and user information.
Robert S. Harper Information Access Technology, Inc. -----Original Message----- From: Dickson Lam (dilam) [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 30, 2006 2:20 PM To: users@tomcat.apache.org Subject: How to hide the keystorePass at the server.xml Hi, I am using Tomcat 5.5.16 window version. When I configure Tomcat to use SSL, I need to put the "keystorePass" password on the Tomcat server.xml file which is in plain text format. Is it anyway I can hide the keystore password from the server.xml? or configure Tomcat to read in an encrypted "keystorePass" password and decrypted the password during startup? Regards Dickson --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
