db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian McCallister <mccallis...@forthillcompany.com>
Subject Re: Storing and validating passwords
Date Fri, 02 May 2003 15:31:26 GMT
Suggestion for storing passwords:

hash them with a concatenated username (if it is immutable) or userid, 
or whatever as a cheap salt =)

-Brian

On Friday, May 2, 2003, at 11:21 AM, Bill Schneider wrote:

> How are these passwords being used?  If you are using Tomcat's JDBC 
> realm
> and container-managed authentication, you can call a method on the JDBC
> realm class to hash the password the way Tomcat expects it to be.  
> Other app
> servers have similar APIs.
>
> -- Bill
> ----- Original Message -----
> From: "Derek Hardy" <derek.hardy@teknosys.co.uk>
> To: <torque-user@db.apache.org>
> Sent: Friday, May 02, 2003 10:44 AM
> Subject: Storing and validating passwords
>
>
>> Hi
>>
>> I want to use Torque to query a table of users that has the password
> stored
>> in the table, but encrypted.
>>
>> Is there a platform-independant way of doing this?
>>
>> If not, how can I do this using the MySQL sha1() method?
>>
>> Thanks in advance for any help.
>>
>> Derek Hardy
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
>> For additional commands, e-mail: torque-user-help@db.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
>
>


Mime
View raw message