tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject RE: Digested Passwords and Oracle 8.1.7
Date Tue, 22 Oct 2002 16:26:47 GMT


On Tue, 22 Oct 2002, Graham Lounder wrote:

> Date: Tue, 22 Oct 2002 09:35:11 -0300
> From: Graham Lounder <lounder@caris.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Subject: RE: Digested Passwords and Oracle 8.1.7
>
> I need the algorithm so I can encrypt a password.  The Tomcat Realm would
> then compare the encrypted password to the encrypted password in the
> database.  I don't need to decrypt the password.
>

If I recall correctly (it's been a while since I was a heavy Oracle user)
there's a SQL function that is used to do the encryption -- check the
Oracle docs.

Another alternative would be to have your authentication code attempt a
connection with the username and password provided by your user -- success
implies that they got it right.

Note, of course, that using the real Oracle username/password can be a
security risk unless you are in a very tightly controlled environment.

> Graham
>

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message