I have a Tomcat application that requires multiple passwords on startup.
My current configuration uses a Java Properties object to load in the passwords from a password.conf file.
现在要求,在系统上不准许密码。 我曾建议对密码档案进行加密,但这不是一种选择。
理想的情况是,托马卡特的开端文字只能读从指挥线上使用的关键密码,并提交我的申请。
由于Tomcat正在开始做大mon,我认为我不能利用任何 Java指挥线I/O,如斯堪的斯堪纳语读过密码。
是否有任何解决办法?
Thanks PR
这里,是两个解决办法,我可以认为:
简便――在彩票包装中设定环境变量,并将之视为系统财产。 i.e:
echo "What is the password"
stty -echo
read server_password
stty echo
# error check
export server_password
然后在java:
password = System.getenv("server_password");
Harder——用不对称加密加密对密码进行加密,然后通过密码,然后,你将需要在你的java代码中予以加密。
仅凭空谈。
EDIT Removed the encrypt the password idea because while it may stop someone from determining the password it doesn t stop someone from using encrypted password to start the application.
EDIT2: 纳入粗体-echo per @mpobrien建议
你可以修改起序,把指挥线论点传给指挥本身。 可能的话,它们应当采用——Dkey=数值的形式。 这将使你能够开始建立制度性。 你的申请可以通过系统阅读。
请注意,对散射线的开端指挥可能贴上某些系统的磁盘,这样的话――德国旗也会被贴上标签,而且你与这些旗帜的密码。 你们只是需要确保这一点不会gged。
Uhm, the clever Solutions is an en加密密码 file, 这就是为什么没有排除?
另一种解决办法是阅读数据库或其他一些服务器的密码。
根据上述环境变量建议,环境参数下的环境变数可:
/proc/[pid]/environ
因此,环境变数中的直观密码可以通过原体或散射过程的所有人三读。
详情见https://serverfault.com/questions/133147/proc-pid-environ-missing-variables
这个职位属于另一个答复。 但是,我没有声望来补充评论;这是我的第一个职位。 我道歉。 我认为,环境里的通俗密码的安全影响值得回答。
Hi have this j2ee web application developed using spring framework. I have a problem with rendering mnessages in nihongo characters from the properties file. I tried converting the file to ascii using ...
Check this, List<String> list = new ArrayList<String>(); for (int i = 0; i < 10000; i++) { String value = (""+UUID.randomUUID().getLeastSignificantBits()).substring(3, ...
I am in the middle of solving a problem where I think it s best suited for a decorator and a state pattern. The high level setting is something like a sandwich maker and dispenser, where I have a set ...
I have been trying to execute a MS SQL Server stored procedure via JDBC today and have been unsuccessful thus far. The stored procedure has 1 input and 1 output parameter. With every combination I ...
I have a system which contains multiple applications connected together using JMS and Spring Integration. Messages get sent along a chain of applications. [App A] -> [App B] -> [App C] We set a ...
If I m given two Java Libraries in Jar format, 1 having no bells and whistles, and the other having lots of them that will mostly go unused.... my question is: How will the larger, mostly unused ...
I have a Class variable that holds a certain type and I need to get a variable that holds the corresponding array class. The best I could come up with is this: Class arrayOfFooClass = java.lang....
I m working on a Java desktop application that reads and writes from/to different files. I think a better solution would be to replace the file system by a SQLite database. How hard is it to migrate ...