tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject RE: Digested Passwords and Oracle 8.1.7
Date Tue, 22 Oct 2002 16:26:47 GMT

On Tue, 22 Oct 2002, Graham Lounder wrote:

> Date: Tue, 22 Oct 2002 09:35:11 -0300
> From: Graham Lounder <>
> Reply-To: Tomcat Users List <>
> To: Tomcat Users List <>
> Subject: RE: Digested Passwords and Oracle 8.1.7
> I need the algorithm so I can encrypt a password.  The Tomcat Realm would
> then compare the encrypted password to the encrypted password in the
> database.  I don't need to decrypt the password.

If I recall correctly (it's been a while since I was a heavy Oracle user)
there's a SQL function that is used to do the encryption -- check the
Oracle docs.

Another alternative would be to have your authentication code attempt a
connection with the username and password provided by your user -- success
implies that they got it right.

Note, of course, that using the real Oracle username/password can be a
security risk unless you are in a very tightly controlled environment.

> Graham


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message