I have a Tomcat application that requires multiple passwords on startup.
My current configuration uses a Java Properties object to load in the passwords from a password.conf file.

There's now a requirement that no passwords are allowed in 'the clear' on the system. I had suggested encrypting the password file, but this isn't an option.

It would be ideal if Tomcat's start-up script could simply read user-keyed passwords from the command line and feed them to my application.

Since Tomcat is starting up as a daemon, I don't think I can utilize any Java command line I/O like Scanner to read in a password.

Does anyone have any clever solutions?

Thanks PR

A: 

You can modify the start up script for tomcat to pass on command line arguments to the start command itself. These should probably be in the form of -Dkey=value. This will allow you to set system properties at start up. Your application can read these via System.getProperty(name) to get the passwords or to fail to start up if the property was not provided.

Please be advised that the start command for tomcat may be logged to disk on some systems so the -D flags will be logged as well, and your password with them. You will just need to make sure this is not logged.

Gennadiy
This is a bad idea because this information will be passed in the clear. A simple ps -ef will display the password.
jabbie
The requirement was not to have the passwords in the clear on the system...
FelixM
I had an instance of a similar requirement. We ended up being able to simply crypt the password into a text file and read it at runtime. You can pass the password using two -D flags and perform some kind of operation on them to get the actual password. Just don't name them -DpasswordOne -DpasswordTwo. Security by obscurity for this one may do.
Gennadiy
A: 

Uhm, the clever solution is an encrypted password file, why did that get ruled out?

Another solution might be to read the passwords from a database or some other server.

FelixM
Not a good idea, if you need to get it out of an encrypted password file, then that means the key is going to be stored or hardcoded somewhere also, so that's not much better than storing them in the clear (unless you prompt the user for the key, but then you're back to the same problem). You'd have the same problem if you want to pull the password from a database - plus, then you'd have to make sure those data sources are secure as well....
mpobrien
Evidently, there is a school of thought out there that claims an encrypted password file is still "in the clear" ...
praspa
If a file is encrypted but the key is somewhere within reach on the system, it should not be considered securely encrypted.
mpobrien
Here is a use case against an encrypted password file. If the password was used to authenticate with another service and I have access to the java code that uses the encrypted password and the encrypted password, I can use this information to write my own code to authenticate against the service. In reality the encrypted password is just as useful to me if all I want to do is authenticate against another service.
jabbie
+1  A: 

Here is one solution that I can think of:

Easy - set an environment variable in the shell script wrapper and read this as a system property. i.e.:

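echo "What is the password"
stty -echo
# -r keeps backslashes in the password intact
read -r server_password
stty echo
# error check: refuse to continue with an empty password
[ -n "$server_password" ] || { echo "No password entered" >&2; exit 1; }
export server_password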

Then in java:

String password = System.getenv("server_password");

Harder - encrypt the password using asymmetric encryption and then pass the password, you will then need to unencrypt it in your java code.

Just my off the cuff ideas.

EDIT Removed the encrypt the password idea because while it may stop someone from determining the password it doesn't stop someone from using encrypted password to start the application.

EDIT 2: incorporated stty -echo per @mpobrien suggestion

jabbie
I actually like your "Easy" suggestion. That'll be good to pass the new requirements.
praspa
Here's a tip for extra security - turn off character echoing when prompting for the password, using "stty -echo". More details here: http://www.askdavetaylor.com/prompting_users_for_passwords_in_a_shell_script.html
mpobrien
@mpobrien very good point. You should definitely turn off echoing.
jabbie
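
The prompt-and-environment approach from the answer above, written out as a complete wrapper (an added example, not code from the thread). It assumes Tomcat is started through $CATALINA_HOME/bin/catalina.sh; read_secret and run_with_secret are hypothetical helper names.

```shell
#!/bin/sh
# Added example: prompt for the password with echo off and hand it to the
# child process through its environment only.

# read_secret PROMPT
# Prints the typed line on stdout (capture it with $(...)); the prompt goes to
# stderr. Returns 1 if nothing was entered.
read_secret() {
    if [ -t 0 ]; then
        # Restore echo even if the user hits Ctrl-C at the prompt.
        trap 'stty echo; exit 130' INT TERM
        stty -echo
    fi
    printf '%s: ' "$1" >&2
    # IFS= and -r keep leading/trailing spaces and backslashes intact.
    IFS= read -r secret_line || true
    if [ -t 0 ]; then
        stty echo
        trap - INT TERM
        printf '\n' >&2
    fi
    [ -n "$secret_line" ] || return 1
    printf '%s' "$secret_line"
}

# run_with_secret SECRET COMMAND [ARGS...]
# The prefix assignment puts the secret in the child's environment only: not in
# its argument list (what ps -ef shows) and not exported into this shell.
run_with_secret() {
    rws_secret=$1
    shift
    server_password=$rws_secret "$@"
    rws_status=$?
    unset rws_secret
    return "$rws_status"
}

# Usage: ./start-tomcat.sh start
# Assumption: CATALINA_HOME points at the Tomcat install.
if [ "${1:-}" = "start" ]; then
    pw=$(read_secret "Server password") || { echo "no password entered" >&2; exit 1; }
    run_with_secret "$pw" "${CATALINA_HOME:?set CATALINA_HOME}/bin/catalina.sh" start
fi
```

The Java side reads the value with System.getenv("server_password"). On Linux the child's environment is still readable through /proc/<pid>/environ by the same user and by root, so this keeps the password off disk and out of ps -ef output, not away from an administrator of the machine.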