tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anderson, M. Paul" <>
Subject Authentication Mechanisms
Date Wed, 06 Oct 2004 15:59:55 GMT
What mechanisms do you developers typically use for preventing unauthorized
access to a web application?  I'm trying to determine the best approach for
my web app.  Here are the basic guidelines I need to follow:

1.  We must limit access to the site to registered users.
2.  We currently use BASIC authentication.
3.  We currently store passwords in a database in plain text but we now wish
to encrypt them.
4.  I was leaning towards using DIGEST authentication but am not convinced
it works correctly based on various articles/books I've seen.

Do you recommend any other approaches?  Eventually we will be moving towards
a salted-hash scheme for encryption but we were hoping we could stand up a
site using DIGEST to provide some basic initial encryption before moving to
the stronger scheme. 

Any advice would be appreciated.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message