Hi!
I am on linux and did setup ssl with own certificate.
if i use top/htop to see running processes one can read all parameters given to java, including keystore/privatekey password. So any user who may have acces to htop may retrive the private key used for ssl encryption.
This is verybad as the certificate may be used by other applications/services on other hosts.
programm itself shoul read those configurations from file which one could restrict access to, so not every user can retrive the private key.
1
[security] hide configuration parameters from commandline
Moderator: moderators
1 post
• Page 1 of 1
[security] hide configuration parameters from commandline
by keckskoenig » Mon Jul 29, 2013 9:14 pm
- keckskoenig
- Posts: 4
- Joined: Fri Jul 01, 2011 8:51 pm
1 post
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest