geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: Can I hash my passwords
Date Thu, 06 Apr 2006 13:07:08 GMT
Yes you can...  but at the moment you'd need to write a bit of code. 
For example, if you copy the code for
org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule,
you could just add a tiny bit to hash the password before comparing it
to the entry in the Properties, and then use your favorite tool to add
the hashed entries to the file.

You could also add an "Improvement" JIRA since this is a feature we've
talked about making standard a number of times, but we've never
actually gotten around to it.

Thanks,
    Aaron

On 4/6/06, Rohit Rai <rohitbrai@gmail.com> wrote:
>
> Hello everyone,
>
> another minor thing but couldn't find it anywhere on net or docs.
>
> Our web application saves the rgistered user passwords 'Hashed' in the
> database. The hash algorithm is negotiable but the passwords ARE TO BE
> HASHED.
>
> We want to use the standard J2EE container security. I plan to configure
> Geronimo to use the standard SQL Security realm for this. Now on some other
> servers I have seen support for password hash, like JBoss has <passwordhash>
> or some similar tag to define what type of hash is to be used.
>
> Can I acheive this some how in Geronimo???
>
> Thanks in advance
>
> Regards,
> Rohit Rai
>
> --
> Dream like you're never gonna die, Live like you're gonna die today!

Mime
View raw message