tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darren <darrensli...@googlemail.com>
Subject Re: Encrypt Cleartext Resource Password
Date Thu, 17 Aug 2006 12:58:59 GMT
> I found this provider to be a good starting point
> http://www.bouncycastle.org/latest_releases.html
>
> There are multiple classes available for Message Digest 5
> http://www.bouncycastle.org/docs/docs1.5/index.html
> one of which is Message Digest 5 with Data Encryption Standard
> see
> JCEBlockCipher.PBEWithMD5AndDES
>
> Does this answer your question?

Um no, but thanks anyway :-)  My problem was not in generating md5  
hashes, but in using them in the server.xml instead of plain text  
passwords for JDBC resources.

It seems this was bought up in 2002 and as no solution has been  
implemented it can't be trivial.  The JDBC connection pooling must  
need the clear text password to establish the connection, with no  
option of supplying a username and hashed password (if it could  
accept a hashed version the hashed password would then become as  
security sensitive as the clear text version!).  The only option left  
is to encode the password which would only hide it from casual  
browsers and not offer any form of real security.  File permissions  
and server security it is then!

Thanks.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message