tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Form Based authentication and security
Date Sun, 13 Apr 2003 09:24:30 GMT

I am new to tomcat. I have used the Form Based authentication successfully. But I have a problem
that the username and password are in clear text in the tomcat_users.xml. Isn't that quite
unsecure? If someone gets control of the server where tomcat is running, he/she get also access
to the webservice... Does the j_security_check servlet also works when the passwords are encrypted?
Or is the another possiblity to hide the passwords???

Thanks Dagmar
UNICEF bittet um Spenden fur die Kinder im Irak! Hier online an
UNICEF spenden:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message