Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 7727 invoked from network); 17 Aug 2006 13:00:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Aug 2006 13:00:45 -0000 Received: (qmail 82415 invoked by uid 500); 17 Aug 2006 13:00:32 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 82399 invoked by uid 500); 17 Aug 2006 13:00:31 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 82388 invoked by uid 99); 17 Aug 2006 13:00:31 -0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of darrenslists@googlemail.com designates 66.249.82.227 as permitted sender) Received: from [66.249.82.227] (HELO wx-out-0506.google.com) (66.249.82.227) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Aug 2006 06:00:29 -0700 Received: by wx-out-0506.google.com with SMTP id s13so399648wxc for ; Thu, 17 Aug 2006 05:59:09 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:in-reply-to:references:mime-version:x-priority:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer; b=kH583BHvPy0Mpe2l2WHr2+sFRdtCJSG/LP2jAQERMq4d/GKyGW14jPYa2OTHNm6phw1o5xJY4CbfyjQmeUEJH4MYulOAQxNyt+ZK31kcjooA4FvKV1KqhY7Y08ous/THGCyW++ZFyyEcnoeLUsAvF3WG2y0YjkTj2z5Kgu4b838= Received: by 10.48.220.15 with SMTP id s15mr2216578nfg; Thu, 17 Aug 2006 05:59:08 -0700 (PDT) Received: from ?192.168.2.103? ( [193.82.131.23]) by mx.gmail.com with ESMTP id q27sm5560690nfc.2006.08.17.05.59.05; Thu, 17 Aug 2006 05:59:06 -0700 (PDT) In-Reply-To: References: <7487E4D8-1BD7-488E-AFC8-BD591C12BEAE@googlemail.com> Mime-Version: 1.0 (Apple Message framework v752.2) X-Priority: 3 Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Darren Subject: Re: Encrypt Cleartext Resource Password Date: Thu, 17 Aug 2006 13:58:59 +0100 To: "Tomcat Users List" X-Mailer: Apple Mail (2.752.2) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N > I found this provider to be a good starting point > http://www.bouncycastle.org/latest_releases.html > > There are multiple classes available for Message Digest 5 > http://www.bouncycastle.org/docs/docs1.5/index.html > one of which is Message Digest 5 with Data Encryption Standard > see > JCEBlockCipher.PBEWithMD5AndDES > > Does this answer your question? Um no, but thanks anyway :-) My problem was not in generating md5 hashes, but in using them in the server.xml instead of plain text passwords for JDBC resources. It seems this was bought up in 2002 and as no solution has been implemented it can't be trivial. The JDBC connection pooling must need the clear text password to establish the connection, with no option of supplying a username and hashed password (if it could accept a hashed version the hashed password would then become as security sensitive as the clear text version!). The only option left is to encode the password which would only hide it from casual browsers and not offer any form of real security. File permissions and server security it is then! Thanks. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org