Reading user input at Tomcat startup

I have a Tomcat application that requires several passwords at startup.
My current configuration uses the Java Properties object to load passwords from the password.conf file.

Currently, there is a requirement that passwords should not be allowed to be “clear” in the system. I suggested encrypting the password file, but this is not an option.

It would be ideal if the Tomcat start-up script could just read passwords with user keys from the command line and pass them to my application.

Since Tomcat runs as a daemon, I don't think I can use any Java I/O command line interface, such as Scanner, to read in the password.

Does anyone have smart solutions?

Thanks, PR

+3
4 answers

Here are two solutions I can think of:

It is easy to set an environment variable in a shell script and read it as a system property, i.e.:

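echo "What is the password"
# turn off terminal echo while the password is typed
stty -echo
read -r server_password
stty echo
# error check
# export so the JVM started by this script inherits the variable
export server_password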

Then in java:

String password = System.getenv("server_password");

More difficult - encrypt the password using asymmetric encryption, and then pass the password, then you will need to decrypt it in your Java code.

Just my off-the-cuff ideas.

EDIT: Removed the idea of encrypting the password, because although this may prevent someone from deciphering the password, it does not prevent anyone from using the encrypted password to launch the application.

EDIT 2: included stty -echo at @mpobrien's suggestion

+3

script tomcat, . , -Dkey = value. . System.getProperty(), , .

, , tomcat , -D . , .

0

, - , ?

- .

0

, linux :

/proc/[pid]/environ

, root tomcat.

For more information see https://serverfault.com/questions/133147/proc-pid-environ-missing-variables

This entry refers to a comment on another answer. But I don't have the reputation yet to add comments; this is my first post. I apologize. I felt that the security implications of a plaintext password in the environment warranted a response.

0
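An added example, not part of any of the answers above: a small shell audit for the /proc/[pid]/environ exposure the last answer points out. The sample dump, its values and the function names are constructed for illustration, and the stdin hand-off at the end is an assumption of this example, not something the answers propose.

```shell
#!/bin/sh
# /proc/[pid]/environ holds the process's initial environment as
# NUL-separated NAME=value records. These helpers parse that format.

# env_has_var FILE NAME -> exit 0 if NAME is set in the dump, 1 otherwise.
env_has_var() {
    tr '\000' '\n' < "$1" |
        awk -F= -v n="$2" '$1 == n { found = 1 } END { exit !found }'
}

# list_secret_names FILE -> print names that look like credentials.
# Values are deliberately never printed, so the audit itself leaks nothing.
list_secret_names() {
    tr '\000' '\n' < "$1" |
        awk -F= 'tolower($1) ~ /pass|secret|token|key/ { print $1 }'
}

# proc_exposes PID NAME -> same check against a live process (Linux only;
# needs root or the process owner's uid to read the file).
proc_exposes() {
    env_has_var "/proc/$1/environ" "$2"
}

# Constructed sample: what a child started after `export server_password`
# would show. The value is a placeholder, not a real credential.
make_sample() {
    printf 'PATH=/usr/bin\000server_password=constructed-secret\000HOME=/root\000' > "$1"
}

# Hypothetical alternative hand-off: the start script writes the secret to
# the child's stdin, so no variable is exported. Prints what the child read.
handoff_via_stdin() {
    printf '%s\n' "$1" | sh -c 'IFS= read -r pw; printf "%s" "$pw"'
}
```

Against a running Tomcat, `proc_exposes <pid> server_password` succeeds whenever the start script exported the variable before launching the JVM.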

Source: https://habr.com/ru/post/1725327/