tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: question about realm auth and digest attribute
Date Mon, 22 Sep 2008 21:28:06 GMT
Joe,

Joe A wrote:
> I'm talking about the part of configuration that lets you specify how
> the passwords are stored in the users table.

I think for DIGEST auth, you don't want /any/ hashing for the password
in the user's table. You want the value in your database to be:

MD5(username:realm:password)

Otherwise, you'll have to store it in plain-text (or reversible
encryption) in order to properly check against the incoming hash from
the client.

As Mark says, anything supported by the JVM is legal as a hashing
function, here.

-chris


