Server.xml contains keystore password in cleartext
Last Updated May 26, 2011
On the Enforce server we store the "protect" password in clear text in the "server.xml" file.
Can this be encrypted?
To get access to that file, C:\Vontu\Protect\tomcat\conf\server.xml, one would need to have access to the Enforce server and the DLP product installation. Given that access, a malicious user would have many vectors to disable or damage DLP monitoring.
It is recommended that customers control authorization and access to the DLP systems very carefully. Also, we are using out-of-the-box Tomcat, therefore a JIRA would not apply. We do set it up within the possibilities of the framework, but will not perform code changes that would affect our ability to support the framework, since we would effectively own and support this new code branch.
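
One way to check the access recommendation above on the Enforce server, as an added example that is not part of the original article or the product: a PowerShell audit that lists every identity holding an Allow entry on server.xml that is not on an allow-list. The allow-list and the `ENFORCE01\dlp-service` account name are assumptions; replace them with the accounts your installation actually uses.

```powershell
# Added example: audit who can read or change server.xml on the Enforce server.
# $Allowed is an assumption; add the account your DLP services actually run as.
$Path    = 'C:\Vontu\Protect\tomcat\conf\server.xml'   # path from the article
$Allowed = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'ENFORCE01\dlp-service'    # placeholder, not a real account name
)

function Get-UnexpectedAccess {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        # Deny entries only reduce access, so report Allow entries only.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $who = $rule.IdentityReference.Value
        if ($Allowed -contains $who) { continue }
        [pscustomobject]@{
            Identity  = $who
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited   # True: granted by a parent folder
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Not found: $Path"
    return
}
$findings = @(Get-UnexpectedAccess -Path $Path -Allowed $Allowed)
if ($findings.Count -eq 0) {
    Write-Output "OK: only allow-listed identities have access to $Path"
} else {
    Write-Warning "Identities outside the allow-list can access $Path"
    $findings | Format-Table -AutoSize
}
```

Entries reported with `Inherited = True` come from a parent folder, so they are changed there or by disabling inheritance on the file.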
Imported Document ID: TECH221603