From: Michael S. <mi...@st...> - 2015-02-26 17:21:42

Tomas Gustavsson wrote:
> What's your use case? Why don't you use 24 character randomly generated one-time enrollment codes?

I'm not talking about enrollment codes. I'm talking about a user and its long-term password used with ejbca.sh on a local system command line (see subject).

Since EJBCA is a monolithic web application with a single DB user accessing the whole database, a SQL injection flaw could reveal the password hash to an attacker.

I wish local connections could go over a Unix domain socket and get authenticated based on Unix peer credentials, making such a long-term password unnecessary. Same for accessing the local DB. But I guess that's pretty unusual (or even impossible) with Java.

Ciao, Michael.
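The peer-credential scheme Michael describes, as an added illustration that is not part of the thread or of EJBCA: a local admin socket whose server asks the kernel for the connecting process's uid/gid (Linux `SO_PEERCRED`) and decides access from an allow-list, so no long-term password is stored or transmitted. The `UCRED_FMT` layout, the allow-list and the constructed sample record are assumptions for this example.

```python
import os
import socket
import struct
import tempfile
import threading

# Linux `struct ucred` as returned by SO_PEERCRED: pid_t pid, uid_t uid, gid_t gid
# (assumed 32-bit each, native byte order).
UCRED_FMT = "iII"
UCRED_SIZE = struct.calcsize(UCRED_FMT)


def pack_ucred(pid: int, uid: int, gid: int) -> bytes:
    """Build a constructed credential record (for tests; the kernel normally supplies it)."""
    return struct.pack(UCRED_FMT, pid, uid, gid)


def parse_ucred(raw: bytes) -> tuple[int, int, int]:
    """Decode the kernel-supplied credential record into (pid, uid, gid)."""
    return struct.unpack(UCRED_FMT, raw[:UCRED_SIZE])


def authorize(uid: int, gid: int, allowed_uids: set, allowed_gids: set) -> bool:
    """Admit the peer if its uid or its primary gid is on the local allow-list."""
    return uid in allowed_uids or gid in allowed_gids


def peer_credentials(conn: socket.socket) -> tuple[int, int, int]:
    """Ask the kernel who is on the other end; the client cannot forge this answer."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED_SIZE)
    return parse_ucred(raw)


def handle_one(srv: socket.socket, allowed_uids: set, allowed_gids: set) -> str:
    """Accept a single local client and answer based on its peer credentials only."""
    conn, _ = srv.accept()
    with conn:
        pid, uid, gid = peer_credentials(conn)
        verdict = "OK" if authorize(uid, gid, allowed_uids, allowed_gids) else "DENIED"
        conn.sendall(f"{verdict} uid={uid} gid={gid} pid={pid}\n".encode())
        return verdict


if __name__ == "__main__" and hasattr(socket, "SO_PEERCRED"):
    sock_path = os.path.join(tempfile.mkdtemp(), "admin.sock")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)
        os.chmod(sock_path, 0o660)  # filesystem mode is the first gate, peercred the second
        srv.listen(1)
        threading.Thread(target=handle_one, args=(srv, {os.getuid()}, set())).start()
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(sock_path)
            print(cli.recv(128).decode().strip())
```

Running it as the same user prints an OK line carrying the caller's uid, gid and pid; a client from a uid outside the allow-list is refused without any secret ever being stored in the database.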