Menu
I have a Tomcat application that requires multiple passwords on startup.
My current configuration uses a Java Properties object to load in the passwords from a password.conf file.
There's now a requirement that no passwords are allowed in 'the clear' on the system. I had suggested encrypting the password file, but this isn't an option.
It would be ideal if Tomcat's start-up script could simply read user keyed passwords from the command line and feed it to my application.
Since Tomcat is starting up as a Daemon, I don't think I can utilize any Java command line I/O like Scanner to read in a password.
Does anyone have any clever solutions?
Thanks PR
775
Here are two solutions is one solution that I can think of:
Easy - set an environment variable in the shell script wrapper and read this as a system property. i.e.:
echo "What is the password"
stty -echo
read server_password
stty echo
# error check
export server_password
Then in java:
password = System.getenv("server_password");
Harder - encrypt the password using asymmetric encryption and then pass the password, you will then need to unencrypt it in your java code.
Just my off the cuff ideas.
EDIT Removed the encrypt the password idea because while it may stop someone from determining the password it doesn't stop someone from using encrypted password to start the application.
EDIT 2: incorporated stty -echo per @mpobrien suggestion
98
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
