tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How to set Realm digest for base64 password
Date Mon, 24 Aug 2009 14:43:26 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lin,

On 8/13/2009 5:37 AM, Lin Chun wrote:
> I am using the JDBCRealm , but the password of user is not pure text, but
> stored in base64 encoding

As Mark says, you'll have the best luck writing a custom Realm. I have a
couple of other suggestions that might also work:

1. Write your own crypto provider that provides a Base64 "digest"
(base64 is NOT NOT NOT NOT NOT NOT NOT a digest, it's a human-readable
byte encoding, so this is a HUGE HACK THAT COULD REALLY BITE YOU IN THE
ASS) and use that as your digest="Base64" in the Realm.

2. Re-write your entire database with /properly/-digested passwords by
performing the following operation on all passwords:

   a. Read the password from the database.
   b. Decode the password from Base64 into text (kinda silly to base64
      encode the passwords... why are you doing this?)
   c. Hash the password using something like SHA-256 (MD5 and SHA-1 are
      considered cryptographically weak these days).
   d. Write the hashed password back to the database.

Then you can use a stock Realm.

Mark also mentions that JDBCRealm is not recommended for production use.
I completely agree. DataSourceRealm allows multiple simultaneous
authentications and the use of a connection pool instead of a private
connection.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqSpw4ACgkQ9CaO5/Lv0PBYlgCgwA4e7nKIja+lhxtKXCvSYKoD
3vIAnjquCto1/oGEQb9gFbKnQ5zKG7yc
=W0EH
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message