I agree with you that only those userids that actually need to access
the server.xml file should be able to read it.
But still I think it's never a good idea to write a password in plain
text in any file. If the password is stored in plain text and something
goes wrong an attacker could be able to steal my private key and use it.
And this would be really bad.
Therefore I'm looking for a possibility to pass the password via the
console.
Moritz
Caldarale, Charles R wrote:
From: Moritz [mailto:[EMAIL PROTECTED]
Subject: Key store password via console
I have defined a TLS connector, but I don't want to
write the password for my key store in plain text into
the server.xml file.
Are you saying that your server.xml file is open to anyone? If so,
you've got bigger problems than hiding your keystore password. Just
insure that server.xml is accessible only to those userids that actually
need to access it.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
