tomcat-users mailing list archives

From "Parsons Technical Services" <parsonstechni...@earthlink.net>
Subject Re: Question for Tomcat Developers - How to Plug In Encryption for JDBC passwords
Date Mon, 28 Feb 2005 11:12:45 GMT
Tomcat must send the unencrypted password to the database. Thus it must 
decrypt it. The whole issue is that Tomcat must act like a user in the role 
of the database. So it must know the password. The best method is to lock 
the user away in a room, then it doesn't matter if the password is written 
all over his hands. The next trick is to make him put it on a piece of paper 
and hide it. Then you could make him put it down in code, but he can't 
remember how to decode it so that has to be written down too.

Doug

----- Original Message ----- 
From: "Varley, Roger" <Roger.Varley@atosorigin.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Sent: Monday, February 28, 2005 4:34 AM
Subject: RE: Question for Tomcat Developers - How to Plug In Encryption for 
JDBC passwords


>
> If I can see your encrypted passwords, then I can see the
> code that decrypts
> them. And with that I have your passwords. It only adds a
> step to my effort
> to crack your security.
>

Is that strictly true? If you use the method that is used to encrypt Unix 
passwords (google for JCrypt for an implementation) then isn't this a 
one-way hash and you can't decrypt the passwords by reversing the 
algorithm?

Regards
Roger



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
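
Added example, not part of the original messages: a Python sketch of the point made in the reply above, that a one-way hash lets a verifier check a password but leaves a client such as Tomcat with nothing it can send. The `Database` class, `client_login` and the sample password are hypothetical, and PBKDF2 stands in for the Unix crypt/JCrypt scheme mentioned in the thread.

```python
import hashlib
import hmac
import os

# Constructed sample credential; not taken from the thread.
DB_PASSWORD = "s3cret-db-pass"


def one_way_hash(password: str, salt: bytes) -> bytes:
    """Salted one-way hash (PBKDF2 here, standing in for crypt/JCrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Database:
    """Hypothetical verifier: stores only salt and hash, never the password."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = one_way_hash(password, self.salt)

    def login(self, presented: str) -> bool:
        # The verifier re-hashes whatever the client presents and compares.
        candidate = one_way_hash(presented, self.salt)
        return hmac.compare_digest(candidate, self.stored)


def client_login(db: Database, config_value: str) -> bool:
    """Hypothetical client (Tomcat's role): it can only send what its config holds."""
    return db.login(config_value)


def demo() -> dict:
    db = Database(DB_PASSWORD)
    hashed_config = db.stored.hex()  # what a "hashed" config entry would hold
    return {
        # Plaintext (or something reversible) in the config: login succeeds.
        "plaintext_config": client_login(db, DB_PASSWORD),
        # Hash in the config: it cannot be reversed, so the login fails.
        "hashed_config": client_login(db, hashed_config),
    }


if __name__ == "__main__":
    print(demo())
```

If the database were changed to accept the stored hash directly, the hash itself would become the credential and would need the same protection as the plaintext.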




