axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: how o use stored password in a database which rampart should verify
Date Wed, 08 May 2013 09:44:34 GMT
The idea behind securing any site is prevent access from anyone who does not have access to
the proper credentials to access the site
 
you should store the salt in the database if and only if you want to provide dbas the ability
to encrypt/decrypt your password

otherwise store the salt elsewhere

Boa sorte,
Martin 
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
  


> Date: Tue, 7 May 2013 15:41:06 -0300
> Subject: Re: how o use stored password in a database which rampart should verify
> From: robertlazarski@gmail.com
> To: java-user@axis.apache.org; taniamm2002@yahoo.com
> 
> On Tue, May 7, 2013 at 3:39 PM, robert lazarski
> <robertlazarski@gmail.com> wrote:
> > On Mon, May 6, 2013 at 11:52 AM, Tania Marinova <taniamm2002@yahoo.com> wrote:
> > To hash, store this 'digest' value in the DB in the password column as
> > its already encoded to Base64 - do not store the salt in the db:
> >
> 
> I meant to say don't store the salt in a separate db column. The salt
> will be part of the digest you create.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-user-help@axis.apache.org
> 
 		 	   		  
Mime
View raw message