You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2013/02/10 12:00:38 UTC
[Bug 51966] Tomcat does not support ssha hashed passwords in all
contexts
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966
--- Comment #12 from Oliver Kohll <ol...@gtwm.co.uk> ---
David, I see your other report
https://issues.apache.org/bugzilla/show_bug.cgi?id=53785
is currently marked RESOLVED WONTFIX. I'm not a security expert but I don't
think there's much argument that salting or a pluggable architecture would be
an improvement on the current implementation of unsalted hashing.
I for one appreciate the work others have done to date, above. It's unfortunate
I don't have enough knowledge to contribute helpful patches myself but I'm sure
this is going to be something that sees an increasing amount of interest.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org