tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zhongliang zhang <>
Subject RE: [tomcat]How to decrypt the DIGEST authentication?
Date Mon, 05 Nov 2007 06:16:06 GMT

thanks for your replying.
Now It works if I specify the alg with "MD5",but still does not work with "SHA".
and I do not know what does the middle field of "zhangzhongl:JDBCRealm:secret" means,that
is,the "JDBCRealm",is it a unchangeable part?I do not think so,for the Tomcat docs give an
example of "localhost:8080",but when I changed it to that,my app does not works.
And further more,the application has the functions of modifying password and new a user,so
I have to deal with the transport of these passwords,too.I planned to user javascript to encrypt
the password at these situations,is it a way worth to try?
what about encrypting the password use javascript at the login page?is it safe?what I am afraid
is someone get the RequestURL,username,password(encrypted),and he write an form,then he can
login to my application.Is it possible for some badguy to do this?
I know the SSL communication is the best way,while the pity is that I am not allowed to use
thanks so much for helping me to solve this problem,it confused me for couple of days.
Connect to the next generation of MSN Messenger
To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message