
Server.xml contains keystore password in cleartext


Article ID: 160577




Data Loss Prevention Enforce


On the Enforce server, we store the "protect" password in cleartext in the "server.xml" file.
Can this be encrypted?


For DLP 15.1 and later, this Tomcat file is located by default in:  <drive>:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\tomcat\conf\


In order to get access to that file in DLP, one would need to have access to the Enforce server and the DLP product installation.
Given access, a malicious user would have many vectors to disable or damage DLP monitoring.

It is recommended that customers control authorization and access to the DLP systems very carefully.
Also, we are using out-of-the-box Tomcat, so a JIRA would not apply. We set it up within the possibilities of the framework, but we will not make code changes that would affect our ability to support the framework, since we would effectively own and support this new code branch.
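
The access review recommended above can be scripted on the Enforce server. The following PowerShell is an added example, not part of the original article or of the DLP product; the -ConfDir and -Allowed parameters and the default allow-list are assumptions, and the account the Enforce services run as must be added to the allow-list.

```powershell
# Added example (not from the original article): list identities that can read
# the Tomcat conf directory or server.xml on the Enforce server.
param(
    # Full path to ...\Protect\tomcat\conf for the installed DLP version.
    [Parameter(Mandatory = $true)]
    [string]$ConfDir,

    # Assumed allow-list; add the account the Enforce services run as.
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# ReadData (0x1) plus GENERIC_READ and GENERIC_ALL, which some ACEs carry
# as raw generic bits instead of file-specific rights.
$readBits = 0x1 -bor 0x80000000 -bor 0x10000000

$targets = @($ConfDir, (Join-Path -Path $ConfDir -ChildPath 'server.xml'))

$findings = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        throw "Not found: $path"
    }
    foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
        # Only Allow entries that include read access are of interest.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readBits) -eq 0) { continue }
        if ($Allowed -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) ACE(s) grant read access outside the allow-list."
} else {
    Write-Output 'Only allow-listed identities can read the conf directory and server.xml.'
}
```

Entries reported with Inherited set to True come from a parent folder, so the fix belongs on that parent or requires disabling inheritance on the conf directory.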