如何在tomcat 7中加密server.xml的密码 [英] how to encrypt password of server.xml in tomcat 7

问题描述

我想消化/加密 tomcat 的 server.xml 密码.我在互联网上看到了几个代码，这导致我在 Resource 标签中添加了工厂正如你在下面看到的.不幸的是，我已经在工厂中添加了 Atomikos，但不允许我添加第二个工厂.

你能不能帮我第二种方法，以便在服务器中使用加密密码.xml 或者你知道在 server.xml 的 Resource 标签中添加第二个工厂的方法吗?

如果我的问题不清楚，我会举更多的例子.任何帮助表示赞赏.谢谢.

<Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.atomikos.tomcat.EnhancedTomcatAtomikosBeanFactory"maxPoolSize="50" minPoolSize="1" name="global/EFaturaDS" testQuery="SELECT 1" type="com.atomikos.jdbc.nonxa.AtomikosNonXADataSourceBean"uniqueResourceName="global/EFaturaDS" url="jdbc:jtds:sqlserver://localhost:8080/application;instance=APP08;charset=cp1254;"/>

解决方案

这个简短的回答是否定的:您不能在 server.xml 文件中加密您的密码.对于更长的答案，您应该阅读 Tomcat 的 wiki 页面 密码在配置文件.

这是回答为什么在配置文件中使用纯文本密码?"问题的相关部分

<块引用>因为没有保护"它们的好方法.当Tomcat需要连接数据库时，需要原始密码.虽然可以对密码进行编码，但仍然需要一种机制来对其进行解码.

继续详细解释为什么只有在您错误地说服自己正在提高安全性时才有可能做到这一点，以及为什么 Tomcat 开发人员不会竭尽全力帮助您做到这一点.

有一节介绍如何去做"；如果您有一个过于严厉的安全评估，您需要通过并且只需要完成它，即使它并没有以任何有意义的方式保护您.

I want to digest/encrypt tomcat's server.xml password. I have seen several codes in the internet which leads me to add factory inside Resource tag as you see below. Unfortunately I have Atomikos already added in the factory whick do not allow me to add second factory.

Could you please help me a second way in order to use encrypted password in the server. xml or do you know a way to add a second factory in the Resource tag of server.xml ?

If my question is not clear, I would give more examples. Any help is appreciated. Thanks.

<Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.atomikos.tomcat.EnhancedTomcatAtomikosBeanFactory" 
maxPoolSize="50" minPoolSize="1" name="global/EFaturaDS" testQuery="SELECT 1" type="com.atomikos.jdbc.nonxa.AtomikosNonXADataSourceBean" 
uniqueResourceName="global/EFaturaDS" url="jdbc:jtds:sqlserver://localhost:8080/application;instance=APP08;charset=cp1254;" /> 

解决方案

This short answer is no: you cannot encrypt your password in your server.xml file. For the longer answer, you should read Tomcat's wiki page on passwords in configuration files.

Here is the relevant part answering the question "Why are plain text passwords in the config files?"

Because there is no good way to "secure" them. When Tomcat needs to connect to a database, it needs the original password. While the password could be encoded, there still needs to be a mechanism to decode it.

It goes on to explain in detail why this is only possible if you wrongly convince yourself that you are improving security, and why the Tomcat developers won't go out of their way to help you do it.

There is a section on how to "just do it" if you have an overly heavy-handed security assessment that you need to pass and just need to get it done, even though it does not protect you in any meaningful way.

这篇关于如何在tomcat 7中加密server.xml的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！