On Tue, May 30, 2006 at 04:46:42PM -0700, David Wall wrote:
> A possible sounding solution would be to have Tomcat start in a 
> protected mode that requires an admin connect and enter a password 
> before TC would allow the webapps to load.  But even this would require 
> that TC be configured to do so since most would not want this.  And if 
> you can access the filesystem, then you could change that configuration 
> so that TC would start and NOT require that.  You can even change the 
> java security policy file.  So you'd need to create a forked TC that 
> always requires the password to be entered.  But then again, if they can 
> access the filesystem, they could just change out the version of TC.

No, you just have the keystore encrypted with a password and _don't_
specify it in the config file.  Then when Tomcat starts up, and can't open
the keystore w/o a password, it knows it has to ask for it, but it isn't
stored anywhere on the machine.  That's what Apache httpd does if the
cert file is password protected.  Tomcat should do the same.  It works
quite well.

eric
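
The prompt-at-startup approach described in the message above, sketched as an added example (not part of the original post, and not Tomcat's or httpd's code). The class name, the `server` alias, the JCEKS store type, the demo password and the AES key standing in for a TLS private key are all assumptions made so the sample runs on its own.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;

public class PromptedKeystore {
    // Constructed sample input: an in-memory keystore; the AES key stands in for a TLS private key.
    static byte[] sampleKeystore(char[] pw) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("server", KeyGenerator.getInstance("AES").generateKey(), pw, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }
    // True only if the store's integrity check passes and the key can be recovered.
    static boolean unlock(byte[] store, char[] pw) throws GeneralSecurityException {
        try {
            KeyStore ks = KeyStore.getInstance("JCEKS");
            ks.load(new ByteArrayInputStream(store), pw);
            return ks.getKey("server", pw) != null;
        } catch (IOException | UnrecoverableKeyException e) {
            return false; // wrong password (or a corrupted store)
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] store = sampleKeystore("constructed-demo-pw".toCharArray());
        Console console = System.console();
        if (console == null) { // no terminal attached: fail closed, no stored fallback
            System.err.println("no console available; refusing to start");
            System.exit(1);
        }
        for (int attempt = 0; attempt < 3; attempt++) {
            char[] pw = console.readPassword("Keystore password: ");
            if (pw == null) break;                 // end of input
            boolean ok = unlock(store, pw);
            Arrays.fill(pw, '\0');                 // keep the password out of memory dumps
            if (ok) { System.out.println("keystore unlocked; connector can start"); return; }
        }
        System.err.println("keystore not unlocked; refusing to start");
        System.exit(1);
    }
}
```

The trade-off is operational: a process that prompts cannot restart unattended, so a reboot or crash leaves the service down until someone enters the password.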
