From: Tomas G. <to...@pr...> - 2015-02-26 17:54:52

That password should use a non-brutable length. If you wish, you can even disable the command line interface completely. Anyhow, the CLI password is only usable for the CLI. If you manage to get hold of it, you also need to manage to get access to the command line of your CA, not so easy I hope.

/Tomas

On February 26, 2015 6:21:26 PM GMT+01:00, "Michael Ströder" <mi...@st...> wrote:
>Tomas Gustavsson wrote:
>> What's your use case? Why don't you use 24 character randomly
>> generated one-time enrollment codes?
>
>I'm not talking about enrollment codes. I'm talking about user and its
>long-term password used with ejbca.sh on a local system command-line
>(see subject).
>
>Since EJBCA is a monolithic web application with a single DB user accessing
>the whole database a SQL injection flaw could reveal the password hash to an
>attacker.
>
>I wish local connections could go over Unix Domain Socket and get
>authenticated based on Unix peer credentials making such a long-term password
>unnecessary. Same for accessing the local DB. But I guess that's pretty
>unusual (or even impossible) with Java.
>
>Ciao, Michael.
>
>_______________________________________________
>Ejbca-develop mailing list
>Ejb...@li...
>https://lists.sourceforge.net/lists/listinfo/ejbca-develop
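The peer-credential scheme Michael describes (a local client authenticated by the kernel-reported uid of the connecting process rather than by a stored password hash) is easy to show outside of Java. What follows is an added example written for this thread; it is not EJBCA code and makes no claim about how ejbca.sh authenticates. It assumes Linux, where SO_PEERCRED returns the peer's pid/uid/gid for a Unix domain socket, and uses a constructed command string (`status`) and a hypothetical socket path under a temporary directory. The server and client run in one process so the block is self-contained.

```python
"""Authenticate a local CLI client by Unix peer credentials instead of a password.

Added example for the ejbca-develop thread above; not EJBCA code.
Linux-specific: SO_PEERCRED is a Linux socket option (struct ucred).
"""
from __future__ import annotations

import os
import socket
import struct
import tempfile
import threading

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid; three 32-bit ints.
_UCRED_FMT = "3i"


def peer_credentials(conn: socket.socket) -> tuple[int, int, int]:
    """Return (pid, uid, gid) of the process at the other end of a Unix socket.

    The kernel fills these in at connect() time; the client cannot forge them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED_FMT))
    return struct.unpack(_UCRED_FMT, raw)


def serve_once(path: str, allowed_uids: set[int], ready: threading.Event,
               result: dict) -> None:
    """Accept one connection, decide by peer uid, answer OK or DENIED."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path)
        # Socket file permissions are a second, independent gate: even a
        # process that somehow learned the path cannot connect unless the
        # file mode allows it. The uid check below is the actual decision.
        os.chmod(path, 0o600)
        srv.listen(1)
        ready.set()
        conn, _ = srv.accept()
        with conn:
            _pid, uid, _gid = peer_credentials(conn)
            command = conn.recv(1024).decode()
            verdict = "OK" if uid in allowed_uids else "DENIED"
            result["uid"] = uid
            result["command"] = command
            result["verdict"] = verdict
            conn.sendall(verdict.encode())


def authenticate_local_client(allowed_uids: set[int],
                              command: str = "status") -> str:
    """Run server and client in one process and return the server's verdict.

    `command` is a constructed placeholder, not a real CLI command.
    """
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "cli.sock")  # hypothetical socket path
        ready = threading.Event()
        result: dict = {}
        server = threading.Thread(target=serve_once,
                                  args=(path, allowed_uids, ready, result),
                                  daemon=True)
        server.start()
        if not ready.wait(5):
            raise RuntimeError("server did not start")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)
            cli.sendall(command.encode())
            reply = cli.recv(16).decode()
        server.join(5)
        # The server recorded the same verdict it sent; they must agree.
        if reply != result.get("verdict"):
            raise RuntimeError("verdict mismatch")
        return reply


if __name__ == "__main__":
    me = os.getuid()
    print("same uid, allowed:   ", authenticate_local_client({me}))
    print("same uid, not listed:", authenticate_local_client(set()))
```

Nothing secret is stored on either side: the authorisation decision rests on the uid the kernel attaches to the connection, so a leaked database row gives an attacker nothing to brute-force. The trade-off is that it only works for clients on the same host, which is exactly the local-command-line case discussed in the thread.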