---------------------------------------------------------------------------
HARBOR: http://coolharbor.100free.com/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
Making the Java dream come true.
---------------------------------------------------------------------------
----- Original Message -----
From: "Jan Mönnich" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Friday, February 08, 2008 12:30 PM
Subject: Password Input on Tomcat Startup
Hi folks,
we have a very sensitive webapp that requires the input of a password
when the tomcat server starts. We don't want to store this password
in a file. One way we've already tested could be the use of a JDialog
with a JPasswordField that is shown in the init() method of a servlet
(<load-on-startup>1). Unfortunately this requires our server to run
X11... :-(
Is there any (hidden) way to input this password on the terminal
tomcat was started from?
============================
Ha ha... hey linux is supposed to be free ;)
Sounds like a licensing scheme... naughty naughty, ok you got to eat ;)
I natural way is as the other poster explained... a web page.
Poping UI out of a servelt even with X... no, its just ugly.
You have to hide the password on the machine...
One way is to... when they pay for the software...
is to give them a license key which is a hash of the password and say the IP
address, thus it doesnt work on other machines.
Then you store your password inside the application... it hashes itself and
the IP, if same, its on, if not, the browsers just give
a "pay me, people" message... ;)
Something like that...
Also look at the POJO application server above... you could have a central
registry...
ie when servlet starts it calls into the PAS, it checks a user registry and
either allows it to run or not...
Yes, tomcat is also an application server... probably the most powerful
application server ever.... ha ha
Have fun...
============================
Thanks in advance for any idea!
Jan
--
Dipl.-Inf. (FH) Jan Mönnich, PKI Team
Phone: +49 40 808077-632, Fax: +49 40 808077-556, [EMAIL PROTECTED]
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen"
am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
