tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nacho <na...@siapi.es>
Subject RE: Password encryption
Date Thu, 05 Oct 2000 14:43:08 GMT
Try the latest ( from CVS not released yet ) JDBCRealm it does a
MessageDigest with the password and stores it digested in the database,
this code uses MessageDigest from standard java security, and a
configurable hash method equal to the MessageDigest capabilites, this
code not much tested yet (  me only i think, it works for me without
problems :-) .

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Alistair Hopkins [mailto:alistair@berthengron.co.uk]
> Enviado el: jueves 5 de octubre de 2000 14:04
> Para: tomcat-user@jakarta.apache.org
> Asunto: Password encryption
> 
> 
> Slightly off subject...
> 
> I'm storing passwords for the site in my db.
> 
> I'd like to encrypt them before writing to the db and after 
> reading, so 
> they're not stored on disk in plain text.
> 
> Can anyone recommend a simple java one-hit encryption method 
> that will 
> protect them from casual pinching?  Something like unix 
> crypt, I guess.
> 
> I don't want/haven't the spare processing power to learn up 
> on the javax 
> ssl package, as if anybody malicious is in my database it's 
> not really 
> going to help much anyway...
> 
> Thanks,
> Alistair.
> 

Mime
View raw message