Read User Input from Tomcat startup

I have a Tomcat application that requires multiple passwords on startup.

My current configuration uses a Java Properties object to load in the passwords from a password.conf file.

There's now a requirement that no passwords are allowed in 'the clear' on the system. I had suggested encrypting the password file, but this isn't an option.

It would be ideal if Tomcat's start-up script could simply read user keyed passwords from the command line and feed it to my application.

Sin开发者_开发技巧ce Tomcat is starting up as a Daemon, I don't think I can utilize any Java command line I/O like Scanner to read in a password.

Does anyone have any clever solutions?

Thanks PR

Here are two solutions is one solution that I can think of:

Easy - set an environment variable in the shell script wrapper and read this as a system property. i.e.:

echo "What is the password"
stty -echo
read server_password
stty echo
# error check
export server_password

Then in java:

password = System.getenv("server_password");

Harder - encrypt the password using asymmetric encryption and then pass the password, you will then need to unencrypt it in your java code.

Just my off the cuff ideas.

EDIT Removed the encrypt the password idea because while it may stop someone from determining the password it doesn't stop someone from using encrypted password to start the application.

EDIT 2: incorporated stty -echo per @mpobrien suggestion

You can modify the start up script for tomcat to pass on command line arguments to the start command itself. These should probably be in the form of -Dkey=value. This will allow you to set system properties at start up. Your application can read these via System.getProperty(name) to get the passwords or to fail to start up if the property was not provided.

Please be advised that the start command for tomcat may be logged to disk on some systems so the -D flags will be logged as well, and your password with them. You will just need to make sure this is not logged.

Uhm, the clever solution is an encrypted password file, why did that get ruled out?

Another solution might be to read the passwords from a database or some other server.

In response to the environment-variables suggestion above, environment variables under linux are available in:

/proc/[pid]/environ

Therefore, a plaintext password in an environment variable can be read trivially by root or the owner of the tomcat process.

For more information, see https://serverfault.com/questions/133147/proc-pid-environ-missing-variables

This post belongs as a comment to another answer. But I don't have the reputation yet to add comments; this is my first post. I apologize. I felt the security ramifications of a plaintext password in the environment warranted a response.