Secure Coding mailing list archives
Re: Java keystore password storage
From: Mark <elihusmails () gmail com>
Date: Tue, 03 May 2005 23:23:16 +0100
Entering the password on the command line could be an option if you choose the Java Invocation API. I have done this in the past and it has worked really well. On 4/25/05, john bart <[EMAIL PROTECTED]> wrote:
Hello to all the list. I need some advice on where to store the keystore's password. Right now, i have something like this in my code: keystore = KeyStore.getInstance("JKS"); keystore.load(new FileInputStream("keystore.jks"),"PASSWORD"); the question is, where do i store the password string? all of the possibilities that i thought about are not good enough: 1) storing it in the code - obviously not. 2) storing it in a seperate config file is also not secure. 3) entering the password at runtime is not an option. 4) encrypting the password - famous chicken and egg problem (storing the encryption key) Any ideas? _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Current thread:
- Re: Java keystore password storage, (continued)
- Re: Java keystore password storage Nash (Apr 25)
- RE: Java keystore password storage Chris Matthews (Apr 25)
- RE: Java keystore password storage David Crocker (Apr 25)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Michael Silk (Apr 26)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Edgar Danielyan (Apr 26)
- Re: Java keystore password storage Blue Boar (Apr 26)
- Re: Java keystore password storage ljknews (Apr 26)
- RE: Java keystore password storage Chris Matthews (Apr 26)
- Re: Java keystore password storage Nash (Apr 27)
- Re: Java keystore password storage Mark (May 03)
- RE: Java keystore password storage Goertzel Karen (Apr 25)
- Re: Java keystore password storage Fredrik Hesse (Apr 25)
- RE: Java keystore password storage Michael Howard (Apr 25)
- RE: Java keystore password storage john bart (Apr 26)
- RE: Java keystore password storage Michael Howard (Apr 26)
- RE: Java keystore password storage Scott, Richard (May 18)
- RE: Java keystore password storage Scott, Richard (Jun 24)