Posted to users@tomcat.apache.org by Markus Kirsten <ma...@iped.vxu.se> on 2002/06/07 10:24:59 UTC

Encrypted passwords in a JDBC Realm

I've just gone through the documentation concerning setting up a JDBC 
Realm as well as some of the MySQL documentation. It seems to me that to 
use encrypted passwords I need to manually encrypt them before I store 
them in my database since it is not possible to set the digest attribute 
in the Realm element to the encryption algorithm MySQL uses for storing 
passwords (with the function password()). Is this correct?

This hardly causes any problems since it's simple to encrypt the 
password in my application before storing it in the database, but I 
lose the possibility to manage passwords directly through SQL. Any 
workaround?


Markus


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Encrypted passwords in a JDBC Realm

Posted by Rick Fincher <rn...@tbird.com>.
Hi Markus,

You can use the same calls in Java to encrypt that Tomcat does.  When you
use encrypted passwords with form based authentication, Tomcat reads the
clear text password from the user, then encrypts it according to your
settings (MD-5 for example), then retrieves the pre-encrypted password from
whatever source it is stored in.  Then Tomcat compares its encrypted version
with what it reads in clear text (pre-encrypted) to authenticate.

You just write your code and call the encrypter before sending the new
password to the database.

I believe there is mention of this in the docs somewhere, listing the
packages and methods needed.

Rick
----- Original Message -----
From: "Markus Kirsten" <ma...@iped.vxu.se>



> I've just gone through the documentation concerning setting up a JDBC
> Realm as well as some of the MySQL documentation. It seems to me that to
> use encrypted passwords I need to manually encrypt them before I store
> them in my database since it is not possible to set the digest attribute
> in the Realm element to the encryption algorithm MySQL uses for storing
> passwords (with the function password()). Is this correct?
>
> This hardly causes any problems since it's simple to encrypt the
> password in my application before storing it in the database, but I
> lose the possibility to manage passwords directly through SQL. Any
> workaround?
>
>
> Markus
>
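
The digest-then-compare flow described in the reply above, as an added example that is not part of either post and is not Tomcat's own code. It assumes digest="MD5" on the Realm element, UTF-8 password bytes, and the hypothetical table and column names users, user_name and user_pass; the class and method names are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class RealmDigestExample {

    // Digest a clear-text password and hex-encode it in lowercase, the
    // textual form stored in the password column of a digested realm.
    static String digestHex(String clearText, String algorithm)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        // Assumption: UTF-8 bytes. Passwords outside ASCII digest differently
        // if the container or the database uses another encoding.
        byte[] hash = md.digest(clearText.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }

    // Digest the submitted password and compare it with the stored digest.
    // MessageDigest.isEqual is used so the comparison does not stop at the
    // first differing byte.
    static boolean matches(String submitted, String storedHex, String algorithm)
            throws NoSuchAlgorithmException {
        byte[] a = digestHex(submitted, algorithm).getBytes(StandardCharsets.US_ASCII);
        byte[] b = storedHex.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "MD5"; // must name the same algorithm as the realm's digest attribute

        // Constructed sample password, digested before it is written to the database.
        String stored = digestHex("s3cret-constructed", algorithm);
        System.out.println("value for the user_pass column: " + stored);

        // Managing the same column from SQL (hypothetical table and columns):
        //   UPDATE users SET user_pass = MD5('s3cret-constructed') WHERE user_name = 'markus';
        System.out.println("correct password accepted: " + matches("s3cret-constructed", stored, algorithm));
        System.out.println("wrong password accepted:   " + matches("wrong-guess", stored, algorithm));
    }
}
```

MySQL's MD5() function, unlike password(), returns the same 32-character lowercase hex string as an MD5 MessageDigest over the same bytes, so rows written by the SQL statement in the comment and rows written by digestHex are interchangeable. A single unsalted MD5 is fast to brute-force if the table leaks, which is worth weighing when choosing the digest setting.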

