tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [tomcat]How to decrypt the DIGEST authentication?
Date Sun, 04 Nov 2007 18:18:51 GMT
Johnny Kewl wrote:
> I dont think you can do what you want to...
> I dont think you can use web based DIGEST authentication.
> And then hide passwords in a MD5 digest as well.

Yes you can.

> I think web based DIGEST authentication, MUST get at the plain text
> password.

No.

> That process has to be repeated on the server, and SHA(Password) + plus
> some random stuff NOT EQUAL to browser...
> I think it has to be a plain text password... unless TC does something
> unbelievable...

Not unbelievable. Just plain cold logic. The use of DIGEST auth and
digested passwords are 100% independent.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message