Comment 8 for bug 244321

Revision history for this message
In , Thuydn (thuydn) wrote :

Done a bit of investigation on NB 6.5 and found that

- First scenario: If you select Tomcat that bundled with NB when you install NB 6.5 (and later version), the file that
contains the Tomcat server manager's default username and password is stored in
~/.netbeans/6.5/apache-tomcat-6.0_base/config/tomcat-users.xml. Although the file is world-readable, the password
inside the file is encrypted.
The entire folder ~/.netbeans/6.5/apache-tomcat-6.0_base which is the default ${Catalina_Base} chosen by NB is NOT
created at the time of NB installation, but at the time the Tomcat server is first started by users via NB
Servers->server node's popup menu.

- Second scenario: if you manually at Tomcat server to NB via the Add Server wizard, you are asked to enter username and
password for the manager role among other things. The username and password is stored in plain text in tomcat-users.xml
file under ${Catalina_Base}/config folder, where ${catalina_Base} is the folder you enter to the wizard.

Possible solutions:
- Option 1: encrypt the password in the second scenario before storing the password to tomcat-users.xml, then no need to
change the permission of the file.
- Option 2: Create the file (tomcat-users.xml) without word-readable perm, then no need to encrypt the password in
either scenarios.