You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by lives <li...@gmail.com> on 2010/09/04 13:18:06 UTC

Re: WS-Security [UserNameToken] against encrypted database password

hi,
Thanks for the detailed explanation.
It looks like password digest cannot be used when the application stores the
hashed password in the database.

the solution suggested is that the password has to be plain text over SSL .

If i cannot use SSL , is there any other alternative to transmit password in
a secure manner.

Thanks
lives
-- 
View this message in context: http://cxf.547215.n5.nabble.com/WS-Security-UserNameToken-against-encrypted-database-password-tp561377p2803340.html
Sent from the cxf-user mailing list archive at Nabble.com.