Robert Harper wrote:
One thing to think of is that if you have to do that to protect it, then
everything else on that system is suspect.
Yeah, yeah. I used to use this argument a lot, too. But that's like
saying: if your harness isn't secure, then why bother with an additional
safety net below you? You might as well fall and die..
It's not that obfuscating or encrypting the keystorePass is a fool-proof
answer, but that it adds an additional step of complexity in the way of
anyone who might crack your system. Stuff happens. Just because a
burglar got past your front door doesn't mean that you have to lay out
your valuables in the foyer..
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]