|
From: Tomas G. <to...@pr...> - 2015-02-27 10:00:32
|
HTTPS and Java is of course another topic than bcrypt performance. You can implement various barriers and additional steps to further harden this access as well. We managed to be unaffected by most of these vulnerabilities in our implementations. There is of course never any definite guarantee against vulnerabilities.

Cheers,
Tomas

On February 27, 2015 9:41:00 AM GMT+01:00, "Michael Ströder" <mi...@st...> wrote:
> Tomas Gustavsson wrote:
>> That password should use a non brutable length.
>
> Yes, of course.
>
>> If you wish you can disable the command line interface completely even.
>
> I deliberately keep this enabled until it's sure that the admins take care of
> renewing their admin certs in time.
>
>> Anyhow, the cli password is only usable for the cli. If you manage to get
>> hold of it, you also need to manage to get access to the command line of
>> your CA, not so easy I hope.
>
> I also hope this and of course the operators are doing their best to harden
> the machines. But given all the really serious security threats in Java during
> the last 2 years I'm really concerned that I have to allow direct HTTPS access
> to adminweb for individual authentication/authorization with client certs.
>
> Letting components run under different OS accounts communicating over Unix
> Domain Sockets (or other OS pipes) would be really great.
>
> Ciao, Michael.
|