tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <dkrusc...@web.de>
Subject Form Based authentication and security
Date Sun, 13 Apr 2003 09:24:30 GMT
Hi,

I am new to tomcat. I have used the Form Based authentication successfully. But I have a problem
that the username and password are in clear text in the tomcat_users.xml. Isn't that quite
unsecure? If someone gets control of the server where tomcat is running, he/she get also access
to the webservice... Does the j_security_check servlet also works when the passwords are encrypted?
Or is the another possiblity to hide the passwords???

Thanks Dagmar
______________________________________________________________________________
UNICEF bittet um Spenden fur die Kinder im Irak! Hier online an
UNICEF spenden: https://spenden.web.de/unicef/special/?mc=021101


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message