Home/ Questions/Q 205967
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T17:36:13+00:00

This is probably a stupid question, but how much of a security risk is

  • 0

This is probably a stupid question, but how much of a security risk is it to set my web server ssl configuration (e.g. keystore password) via System.setProperty…

If I did something like:

System.setProperty("javax.net.keyStorePassword", "password");
  1. Is that likely to cause a security problem?
  2. Is there a way to safeguard against that risk while still setting the property?
  3. How would someone go about compromising that?

Note: Just to add a little more specifics, This is a web app running on Tomcat 6 in Red Hat.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    How much of a risk this is depends on the environment in which your code runs and on who you are trying to protect against. If an attacker has access to the platform itself or can somehow inject code into your platform, then setting properties this way is the least of your troubles.

    As long as your platform is secure against attackers being able to run arbitrary code in your environment, you should be pretty safe.

    • 0