tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zhongliang zhang <zhangzho...@msn.com>
Subject RE: [tomcat]How to decrypt the DIGEST authentication?
Date Mon, 05 Nov 2007 06:16:06 GMT

thanks for your replying.
Now It works if I specify the alg with "MD5",but still does not work with "SHA".
and I do not know what does the middle field of "zhangzhongl:JDBCRealm:secret" means,that
is,the "JDBCRealm",is it a unchangeable part?I do not think so,for the Tomcat docs give an
example of "localhost:8080",but when I changed it to that,my app does not works.
And further more,the application has the functions of modifying password and new a user,so
I have to deal with the transport of these passwords,too.I planned to user javascript to encrypt
the password at these situations,is it a way worth to try?
what about encrypting the password use javascript at the login page?is it safe?what I am afraid
is someone get the RequestURL,username,password(encrypted),and he write an form,then he can
login to my application.Is it possible for some badguy to do this?
I know the SSL communication is the best way,while the pity is that I am not allowed to use
it.
thanks so much for helping me to solve this problem,it confused me for couple of days.
_________________________________________________________________
Connect to the next generation of MSN Messenger 
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message