You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Lorenzo Jiménez <lj...@nacion.co.cr> on 2005/04/13 22:12:50 UTC
RE: How can I create a digest password - digest.bat is the key!
Dear Paulo:
Thanks for your comments.
What we want is to have minimum exposure to hacking.
We found out that, in the context.xml, we can specify the users.xml file, and the digest method. So now it is possible to have a different user and password for admin and manager, and in a separate location where hackers -hopelly- cannot get thru.
Also in the net we found that we can generate the MD5 password using digest.bat that is in the tomcat/bin directory. This worked perfectly!
Thanks again,
Regards,
Lorenzo Jimenez
-----Original Message-----
From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
To: Tomcat Users List
Subject: [SPAM2] - RES: How can I create a digest password - another error - Found word(s) list error in the Text body
Hi,
I don't know if it's your objective but is it possible to use MD5 to encode
passwords in the DBCP conf files?
Is there any documentation about how could we avoid to have the real
passwords in these files?
Thanks in advance!
Alvim
-----Mensagem original-----
De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Enviada em: quarta-feira, 13 de abril de 2005 15:04
Para: Tomcat Users List
Assunto: RE: How can I create a digest password - another error
Prioridade: Alta
Dear Jerry:
Thanks for the advice.
I follow your advice but did not worked. I use this
C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
org.apache.catalina.realm.RealmBase -a MD5 admin
And I got this error:
Exception in thread "main" java.lang.NoClassDefFoundError:
javax/management/MBeanRegistration
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
Thanks again,
Lorenzo
-----Original Message-----
From: J Malcolm [mailto:techstuff@malcolms.com]
Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
To: 'Tomcat Users List'
Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
list error in the Text body
The problem you are hiting is due to the location of the jar file in the
default tomcat install. You can move the jar file into the lib\common area.
Frankly, I think it's much cleaner to just copy the code to create pw's into
one of your own classes. It's only a few lines of code. Just find the
realmbase class in the Tomcat source and clone the method.
Jerry
-----Original Message-----
From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Sent: Wednesday, April 13, 2005 11:57 AM
To: Tomcat Users List
Subject: How can I create a digest password
Importance: High
Hi,
I need help to generate encrypted passwords. Using the Tomcat 5's
documentation:
C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
And this is the error message:
"Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/catalina/realm/RealmBase"
I also checked the classpath, and Catalina.jar is in it.
I even tried being positioned on catalina's directory.
Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
Thank you very much!
Lorenzo
-------------------------------------------------------------
Si usted no es el destinatario indicado en este mensaje o responsable como
persona
de la entrega del mensaje, no debe copiar o reenviar este mensaje, por favor
notifique
al correo infosegura@nacion.com. Para más referencia sobre términos
importantes
relacionados a este correo visite
http://www.nacion.com/disclaimer/index_es2.htm
If you are not the addressee indicated in this message (or responsible for
delivery of the
message to such person), you may not copy or send this message to anyone,
please notify
to infosegura@nacion.com. Click here for important additional terms relating
to this e-mail.
<http://www.nacion.com/disclaimer/index_en2.htm>
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
How to trace email received.
Posted by Daxin Zuo <dz...@techexcel.com>.
Hello, In my application, I need a component, which checks emails. If an
email is the one in responsing my application action, I will process it
(write some record in database).
If you have example for it, please forward me instruction.
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RES: RES: How can I create a digest password - digest.bat is the key!
Posted by Paulo Alvim <al...@powerlogic.com.br>.
Thank you...
My English is not so good...but what I'd like to say is that if these
"admins and webadmins" guys are editing the configuration files and typing
the passwords as they are...it's easier for an "internal observer racker".
If the pass would be encrypted it would be 'a little' more difficult...
-----Mensagem original-----
De: Parsons Technical Services [mailto:parsonstechnical@earthlink.net]
Enviada em: quinta-feira, 14 de abril de 2005 00:58
Para: Tomcat Users List
Assunto: Re: RES: How can I create a digest password - digest.bat is the
key!
Dejavu....
In a properly configured system, if the attacker can read the server.xml or
context element then he has OWNED your system and has free reign.
If secured on windows then only two groups should have access, admins and
the webadmins. If either of those have been compromised you got big issues.
What exactly do you mean by "watch clean passwords"?
Doug
----- Original Message -----
From: "Paulo Alvim" <al...@powerlogic.com.br>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 7:00 PM
Subject: RES: RES: How can I create a digest password - digest.bat is the
key!
> Ok, thank you,
>
> I didn't think that it would be the only solution...but it would make
> things
> a little more difficult and our customers don't like the idea of to watch
> clean passwords because they don't do it to create Windows Services or
> Oracle users.
>
> We know that these softwares have proprietary databases to store that
> pass -
> but I was wondering what could be done in the Tomcat Open-Source
> context...do you think that the only approach would be to protect the
> folders/files - file system level security? What are you guys doing?
>
> -----Mensagem original-----
> De: Mark Thomas [mailto:markt@apache.org]
> Enviada em: quarta-feira, 13 de abril de 2005 18:16
> Para: Tomcat Users List
> Assunto: Re: RES: How can I create a digest password - digest.bat is the
> key!
>
>
> Paulo,
>
> I am pretty sure this won't work. Tomcat can't calculate the real
> password (required by the database) from the hash. The key feature of a
> hash is its one way nature.
>
> Also, if Tomcat could get the password from the hash so could any
> attacker.
>
> Mark
>
> Paulo Alvim wrote:
>> Lorenzo,
>>
>> Are you using the DBCP JDBC connection pooling (with that configuration
>> files in the "conf/catalina/localhost")?
>>
>> We'd like to know if your approach could be used to change the "JDBC pool
>> configuration files" from:
>>
>> <ResourceParams name="jdbc/jcompanyadmseg">
>> <parameter>
>> <name>driverClassName</name>
>> <value>oracle.jdbc.driver.OracleDriver</value>
>> </parameter>
>> <parameter>
>> <name>url</name>
>> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
>> </parameter>
>> <parameter>
>> <name>username</name>
>> <value>demo3</value>
>> </parameter>
>> <parameter>
>> <name>password</name>
>> <value>mypass</value>
>> </parameter>
>> (...)
>> </ResourceParams>
>>
>> ...to something like (pass encrypted):
>>
>> <ResourceParams name="jdbc/jcompanyadmseg">
>> <parameter>
>> <name>driverClassName</name>
>> <value>oracle.jdbc.driver.OracleDriver</value>
>> </parameter>
>> <parameter>
>> <name>url</name>
>> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
>> </parameter>
>> <parameter>
>> <name>username</name>
>> <value>demo3</value>
>> </parameter>
>> <parameter>
>> <name>password</name>
>> <value>%$&#I(#)$</value>
>> </parameter>
>> (...)
>> </ResourceParams>
>>
>>
>> -----Mensagem original-----
>> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Enviada em: quarta-feira, 13 de abril de 2005 17:13
>> Para: Tomcat Users List
>> Assunto: RE: How can I create a digest password - digest.bat is the key!
>> Prioridade: Alta
>>
>>
>> Dear Paulo:
>>
>> Thanks for your comments.
>>
>> What we want is to have minimum exposure to hacking.
>>
>> We found out that, in the context.xml, we can specify the users.xml file,
>> and the digest method. So now it is possible to have a different user and
>> password for admin and manager, and in a separate location where
>> hackers -hopelly- cannot get thru.
>>
>> Also in the net we found that we can generate the MD5 password using
>> digest.bat that is in the tomcat/bin directory. This worked perfectly!
>>
>> Thanks again,
>> Regards,
>>
>> Lorenzo Jimenez
>>
>>
>>
>> -----Original Message-----
>> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
>> Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
>> To: Tomcat Users List
>> Subject: [SPAM2] - RES: How can I create a digest password - another
> error -
>> Found word(s) list error in the Text body
>>
>> Hi,
>>
>> I don't know if it's your objective but is it possible to use MD5 to
> encode
>> passwords in the DBCP conf files?
>>
>> Is there any documentation about how could we avoid to have the real
>> passwords in these files?
>>
>> Thanks in advance!
>>
>> Alvim
>>
>> -----Mensagem original-----
>> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Enviada em: quarta-feira, 13 de abril de 2005 15:04
>> Para: Tomcat Users List
>> Assunto: RE: How can I create a digest password - another error
>> Prioridade: Alta
>>
>>
>>
>> Dear Jerry:
>>
>> Thanks for the advice.
>>
>> I follow your advice but did not worked. I use this
>>
>> C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
>> org.apache.catalina.realm.RealmBase -a MD5 admin
>>
>> And I got this error:
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> javax/management/MBeanRegistration
>> at java.lang.ClassLoader.defineClass0(Native Method)
>> at java.lang.ClassLoader.defineClass(Unknown Source)
>> at java.security.SecureClassLoader.defineClass(Unknown Source)
>> at java.net.URLClassLoader.defineClass(Unknown Source)
>> at java.net.URLClassLoader.access$100(Unknown Source)
>> at java.net.URLClassLoader$1.run(Unknown Source)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(Unknown Source)
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>> at java.lang.ClassLoader.loadClassInternal(Unknown Source)
>>
>> Thanks again,
>>
>> Lorenzo
>>
>>
>>
>>
>> -----Original Message-----
>> From: J Malcolm [mailto:techstuff@malcolms.com]
>> Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
>> To: 'Tomcat Users List'
>> Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
>> list error in the Text body
>>
>> The problem you are hiting is due to the location of the jar file in the
>> default tomcat install. You can move the jar file into the lib\common
> area.
>>
>> Frankly, I think it's much cleaner to just copy the code to create pw's
> into
>> one of your own classes. It's only a few lines of code. Just find the
>> realmbase class in the Tomcat source and clone the method.
>>
>> Jerry
>>
>> -----Original Message-----
>> From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Sent: Wednesday, April 13, 2005 11:57 AM
>> To: Tomcat Users List
>> Subject: How can I create a digest password
>> Importance: High
>>
>> Hi,
>>
>> I need help to generate encrypted passwords. Using the Tomcat 5's
>> documentation:
>>
>> C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
>>
>> And this is the error message:
>>
>> "Exception in thread "main" java.lang.NoClassDefFoundError:
>> org/apache/catalina/realm/RealmBase"
>>
>> I also checked the classpath, and Catalina.jar is in it.
>> I even tried being positioned on catalina's directory.
>>
>> Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
>>
>> Thank you very much!
>>
>> Lorenzo
>>
>>
>> -------------------------------------------------------------
>>
>> Si usted no es el destinatario indicado en este mensaje o responsable
>> como
>> persona
>> de la entrega del mensaje, no debe copiar o reenviar este mensaje, por
> favor
>> notifique
>> al correo infosegura@nacion.com. Para más referencia sobre términos
>> importantes
>> relacionados a este correo visite
>> http://www.nacion.com/disclaimer/index_es2.htm
>>
>> If you are not the addressee indicated in this message (or responsible
>> for
>> delivery of the
>> message to such person), you may not copy or send this message to anyone,
>> please notify
>> to infosegura@nacion.com. Click here for important additional terms
> relating
>> to this e-mail.
>> <http://www.nacion.com/disclaimer/index_en2.htm>
>>
>> -------------------------------------------------------------
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: RES: How can I create a digest password - digest.bat is the key!
Posted by Parsons Technical Services <pa...@earthlink.net>.
Dejavu....
In a properly configured system, if the attacker can read the server.xml or
context element then he has OWNED your system and has free reign.
If secured on windows then only two groups should have access, admins and
the webadmins. If either of those have been compromised you got big issues.
What exactly do you mean by "watch clean passwords"?
Doug
----- Original Message -----
From: "Paulo Alvim" <al...@powerlogic.com.br>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, April 13, 2005 7:00 PM
Subject: RES: RES: How can I create a digest password - digest.bat is the
key!
> Ok, thank you,
>
> I didn't think that it would be the only solution...but it would make
> things
> a little more difficult and our customers don't like the idea of to watch
> clean passwords because they don't do it to create Windows Services or
> Oracle users.
>
> We know that these softwares have proprietary databases to store that
> pass -
> but I was wondering what could be done in the Tomcat Open-Source
> context...do you think that the only approach would be to protect the
> folders/files - file system level security? What are you guys doing?
>
> -----Mensagem original-----
> De: Mark Thomas [mailto:markt@apache.org]
> Enviada em: quarta-feira, 13 de abril de 2005 18:16
> Para: Tomcat Users List
> Assunto: Re: RES: How can I create a digest password - digest.bat is the
> key!
>
>
> Paulo,
>
> I am pretty sure this won't work. Tomcat can't calculate the real
> password (required by the database) from the hash. The key feature of a
> hash is its one way nature.
>
> Also, if Tomcat could get the password from the hash so could any
> attacker.
>
> Mark
>
> Paulo Alvim wrote:
>> Lorenzo,
>>
>> Are you using the DBCP JDBC connection pooling (with that configuration
>> files in the "conf/catalina/localhost")?
>>
>> We'd like to know if your approach could be used to change the "JDBC pool
>> configuration files" from:
>>
>> <ResourceParams name="jdbc/jcompanyadmseg">
>> <parameter>
>> <name>driverClassName</name>
>> <value>oracle.jdbc.driver.OracleDriver</value>
>> </parameter>
>> <parameter>
>> <name>url</name>
>> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
>> </parameter>
>> <parameter>
>> <name>username</name>
>> <value>demo3</value>
>> </parameter>
>> <parameter>
>> <name>password</name>
>> <value>mypass</value>
>> </parameter>
>> (...)
>> </ResourceParams>
>>
>> ...to something like (pass encrypted):
>>
>> <ResourceParams name="jdbc/jcompanyadmseg">
>> <parameter>
>> <name>driverClassName</name>
>> <value>oracle.jdbc.driver.OracleDriver</value>
>> </parameter>
>> <parameter>
>> <name>url</name>
>> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
>> </parameter>
>> <parameter>
>> <name>username</name>
>> <value>demo3</value>
>> </parameter>
>> <parameter>
>> <name>password</name>
>> <value>%$&#I(#)$</value>
>> </parameter>
>> (...)
>> </ResourceParams>
>>
>>
>> -----Mensagem original-----
>> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Enviada em: quarta-feira, 13 de abril de 2005 17:13
>> Para: Tomcat Users List
>> Assunto: RE: How can I create a digest password - digest.bat is the key!
>> Prioridade: Alta
>>
>>
>> Dear Paulo:
>>
>> Thanks for your comments.
>>
>> What we want is to have minimum exposure to hacking.
>>
>> We found out that, in the context.xml, we can specify the users.xml file,
>> and the digest method. So now it is possible to have a different user and
>> password for admin and manager, and in a separate location where
>> hackers -hopelly- cannot get thru.
>>
>> Also in the net we found that we can generate the MD5 password using
>> digest.bat that is in the tomcat/bin directory. This worked perfectly!
>>
>> Thanks again,
>> Regards,
>>
>> Lorenzo Jimenez
>>
>>
>>
>> -----Original Message-----
>> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
>> Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
>> To: Tomcat Users List
>> Subject: [SPAM2] - RES: How can I create a digest password - another
> error -
>> Found word(s) list error in the Text body
>>
>> Hi,
>>
>> I don't know if it's your objective but is it possible to use MD5 to
> encode
>> passwords in the DBCP conf files?
>>
>> Is there any documentation about how could we avoid to have the real
>> passwords in these files?
>>
>> Thanks in advance!
>>
>> Alvim
>>
>> -----Mensagem original-----
>> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Enviada em: quarta-feira, 13 de abril de 2005 15:04
>> Para: Tomcat Users List
>> Assunto: RE: How can I create a digest password - another error
>> Prioridade: Alta
>>
>>
>>
>> Dear Jerry:
>>
>> Thanks for the advice.
>>
>> I follow your advice but did not worked. I use this
>>
>> C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
>> org.apache.catalina.realm.RealmBase -a MD5 admin
>>
>> And I got this error:
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> javax/management/MBeanRegistration
>> at java.lang.ClassLoader.defineClass0(Native Method)
>> at java.lang.ClassLoader.defineClass(Unknown Source)
>> at java.security.SecureClassLoader.defineClass(Unknown Source)
>> at java.net.URLClassLoader.defineClass(Unknown Source)
>> at java.net.URLClassLoader.access$100(Unknown Source)
>> at java.net.URLClassLoader$1.run(Unknown Source)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(Unknown Source)
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>> at java.lang.ClassLoader.loadClassInternal(Unknown Source)
>>
>> Thanks again,
>>
>> Lorenzo
>>
>>
>>
>>
>> -----Original Message-----
>> From: J Malcolm [mailto:techstuff@malcolms.com]
>> Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
>> To: 'Tomcat Users List'
>> Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
>> list error in the Text body
>>
>> The problem you are hiting is due to the location of the jar file in the
>> default tomcat install. You can move the jar file into the lib\common
> area.
>>
>> Frankly, I think it's much cleaner to just copy the code to create pw's
> into
>> one of your own classes. It's only a few lines of code. Just find the
>> realmbase class in the Tomcat source and clone the method.
>>
>> Jerry
>>
>> -----Original Message-----
>> From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
>> Sent: Wednesday, April 13, 2005 11:57 AM
>> To: Tomcat Users List
>> Subject: How can I create a digest password
>> Importance: High
>>
>> Hi,
>>
>> I need help to generate encrypted passwords. Using the Tomcat 5's
>> documentation:
>>
>> C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
>>
>> And this is the error message:
>>
>> "Exception in thread "main" java.lang.NoClassDefFoundError:
>> org/apache/catalina/realm/RealmBase"
>>
>> I also checked the classpath, and Catalina.jar is in it.
>> I even tried being positioned on catalina's directory.
>>
>> Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
>>
>> Thank you very much!
>>
>> Lorenzo
>>
>>
>> -------------------------------------------------------------
>>
>> Si usted no es el destinatario indicado en este mensaje o responsable
>> como
>> persona
>> de la entrega del mensaje, no debe copiar o reenviar este mensaje, por
> favor
>> notifique
>> al correo infosegura@nacion.com. Para más referencia sobre términos
>> importantes
>> relacionados a este correo visite
>> http://www.nacion.com/disclaimer/index_es2.htm
>>
>> If you are not the addressee indicated in this message (or responsible
>> for
>> delivery of the
>> message to such person), you may not copy or send this message to anyone,
>> please notify
>> to infosegura@nacion.com. Click here for important additional terms
> relating
>> to this e-mail.
>> <http://www.nacion.com/disclaimer/index_en2.htm>
>>
>> -------------------------------------------------------------
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RES: RES: How can I create a digest password - digest.bat is the key!
Posted by Paulo Alvim <al...@powerlogic.com.br>.
Ok, thank you,
I didn't think that it would be the only solution...but it would make things
a little more difficult and our customers don't like the idea of to watch
clean passwords because they don't do it to create Windows Services or
Oracle users.
We know that these softwares have proprietary databases to store that pass -
but I was wondering what could be done in the Tomcat Open-Source
context...do you think that the only approach would be to protect the
folders/files - file system level security? What are you guys doing?
-----Mensagem original-----
De: Mark Thomas [mailto:markt@apache.org]
Enviada em: quarta-feira, 13 de abril de 2005 18:16
Para: Tomcat Users List
Assunto: Re: RES: How can I create a digest password - digest.bat is the
key!
Paulo,
I am pretty sure this won't work. Tomcat can't calculate the real
password (required by the database) from the hash. The key feature of a
hash is its one way nature.
Also, if Tomcat could get the password from the hash so could any attacker.
Mark
Paulo Alvim wrote:
> Lorenzo,
>
> Are you using the DBCP JDBC connection pooling (with that configuration
> files in the "conf/catalina/localhost")?
>
> We'd like to know if your approach could be used to change the "JDBC pool
> configuration files" from:
>
> <ResourceParams name="jdbc/jcompanyadmseg">
> <parameter>
> <name>driverClassName</name>
> <value>oracle.jdbc.driver.OracleDriver</value>
> </parameter>
> <parameter>
> <name>url</name>
> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
> </parameter>
> <parameter>
> <name>username</name>
> <value>demo3</value>
> </parameter>
> <parameter>
> <name>password</name>
> <value>mypass</value>
> </parameter>
> (...)
> </ResourceParams>
>
> ...to something like (pass encrypted):
>
> <ResourceParams name="jdbc/jcompanyadmseg">
> <parameter>
> <name>driverClassName</name>
> <value>oracle.jdbc.driver.OracleDriver</value>
> </parameter>
> <parameter>
> <name>url</name>
> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
> </parameter>
> <parameter>
> <name>username</name>
> <value>demo3</value>
> </parameter>
> <parameter>
> <name>password</name>
> <value>%$&#I(#)$</value>
> </parameter>
> (...)
> </ResourceParams>
>
>
> -----Mensagem original-----
> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Enviada em: quarta-feira, 13 de abril de 2005 17:13
> Para: Tomcat Users List
> Assunto: RE: How can I create a digest password - digest.bat is the key!
> Prioridade: Alta
>
>
> Dear Paulo:
>
> Thanks for your comments.
>
> What we want is to have minimum exposure to hacking.
>
> We found out that, in the context.xml, we can specify the users.xml file,
> and the digest method. So now it is possible to have a different user and
> password for admin and manager, and in a separate location where
> hackers -hopelly- cannot get thru.
>
> Also in the net we found that we can generate the MD5 password using
> digest.bat that is in the tomcat/bin directory. This worked perfectly!
>
> Thanks again,
> Regards,
>
> Lorenzo Jimenez
>
>
>
> -----Original Message-----
> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
> To: Tomcat Users List
> Subject: [SPAM2] - RES: How can I create a digest password - another
error -
> Found word(s) list error in the Text body
>
> Hi,
>
> I don't know if it's your objective but is it possible to use MD5 to
encode
> passwords in the DBCP conf files?
>
> Is there any documentation about how could we avoid to have the real
> passwords in these files?
>
> Thanks in advance!
>
> Alvim
>
> -----Mensagem original-----
> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Enviada em: quarta-feira, 13 de abril de 2005 15:04
> Para: Tomcat Users List
> Assunto: RE: How can I create a digest password - another error
> Prioridade: Alta
>
>
>
> Dear Jerry:
>
> Thanks for the advice.
>
> I follow your advice but did not worked. I use this
>
> C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
> org.apache.catalina.realm.RealmBase -a MD5 admin
>
> And I got this error:
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> javax/management/MBeanRegistration
> at java.lang.ClassLoader.defineClass0(Native Method)
> at java.lang.ClassLoader.defineClass(Unknown Source)
> at java.security.SecureClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.access$100(Unknown Source)
> at java.net.URLClassLoader$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClassInternal(Unknown Source)
>
> Thanks again,
>
> Lorenzo
>
>
>
>
> -----Original Message-----
> From: J Malcolm [mailto:techstuff@malcolms.com]
> Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
> To: 'Tomcat Users List'
> Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
> list error in the Text body
>
> The problem you are hiting is due to the location of the jar file in the
> default tomcat install. You can move the jar file into the lib\common
area.
>
> Frankly, I think it's much cleaner to just copy the code to create pw's
into
> one of your own classes. It's only a few lines of code. Just find the
> realmbase class in the Tomcat source and clone the method.
>
> Jerry
>
> -----Original Message-----
> From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Sent: Wednesday, April 13, 2005 11:57 AM
> To: Tomcat Users List
> Subject: How can I create a digest password
> Importance: High
>
> Hi,
>
> I need help to generate encrypted passwords. Using the Tomcat 5's
> documentation:
>
> C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
>
> And this is the error message:
>
> "Exception in thread "main" java.lang.NoClassDefFoundError:
> org/apache/catalina/realm/RealmBase"
>
> I also checked the classpath, and Catalina.jar is in it.
> I even tried being positioned on catalina's directory.
>
> Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
>
> Thank you very much!
>
> Lorenzo
>
>
> -------------------------------------------------------------
>
> Si usted no es el destinatario indicado en este mensaje o responsable como
> persona
> de la entrega del mensaje, no debe copiar o reenviar este mensaje, por
favor
> notifique
> al correo infosegura@nacion.com. Para más referencia sobre términos
> importantes
> relacionados a este correo visite
> http://www.nacion.com/disclaimer/index_es2.htm
>
> If you are not the addressee indicated in this message (or responsible for
> delivery of the
> message to such person), you may not copy or send this message to anyone,
> please notify
> to infosegura@nacion.com. Click here for important additional terms
relating
> to this e-mail.
> <http://www.nacion.com/disclaimer/index_en2.htm>
>
> -------------------------------------------------------------
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: RES: How can I create a digest password - digest.bat is the key!
Posted by Mark Thomas <ma...@apache.org>.
Paulo,
I am pretty sure this won't work. Tomcat can't calculate the real
password (required by the database) from the hash. The key feature of a
hash is its one way nature.
Also, if Tomcat could get the password from the hash so could any attacker.
Mark
Paulo Alvim wrote:
> Lorenzo,
>
> Are you using the DBCP JDBC connection pooling (with that configuration
> files in the "conf/catalina/localhost")?
>
> We'd like to know if your approach could be used to change the "JDBC pool
> configuration files" from:
>
> <ResourceParams name="jdbc/jcompanyadmseg">
> <parameter>
> <name>driverClassName</name>
> <value>oracle.jdbc.driver.OracleDriver</value>
> </parameter>
> <parameter>
> <name>url</name>
> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
> </parameter>
> <parameter>
> <name>username</name>
> <value>demo3</value>
> </parameter>
> <parameter>
> <name>password</name>
> <value>mypass</value>
> </parameter>
> (...)
> </ResourceParams>
>
> ...to something like (pass encrypted):
>
> <ResourceParams name="jdbc/jcompanyadmseg">
> <parameter>
> <name>driverClassName</name>
> <value>oracle.jdbc.driver.OracleDriver</value>
> </parameter>
> <parameter>
> <name>url</name>
> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
> </parameter>
> <parameter>
> <name>username</name>
> <value>demo3</value>
> </parameter>
> <parameter>
> <name>password</name>
> <value>%$&#I(#)$</value>
> </parameter>
> (...)
> </ResourceParams>
>
>
> -----Mensagem original-----
> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Enviada em: quarta-feira, 13 de abril de 2005 17:13
> Para: Tomcat Users List
> Assunto: RE: How can I create a digest password - digest.bat is the key!
> Prioridade: Alta
>
>
> Dear Paulo:
>
> Thanks for your comments.
>
> What we want is to have minimum exposure to hacking.
>
> We found out that, in the context.xml, we can specify the users.xml file,
> and the digest method. So now it is possible to have a different user and
> password for admin and manager, and in a separate location where
> hackers -hopelly- cannot get thru.
>
> Also in the net we found that we can generate the MD5 password using
> digest.bat that is in the tomcat/bin directory. This worked perfectly!
>
> Thanks again,
> Regards,
>
> Lorenzo Jimenez
>
>
>
> -----Original Message-----
> From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
> Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
> To: Tomcat Users List
> Subject: [SPAM2] - RES: How can I create a digest password - another error -
> Found word(s) list error in the Text body
>
> Hi,
>
> I don't know if it's your objective but is it possible to use MD5 to encode
> passwords in the DBCP conf files?
>
> Is there any documentation about how could we avoid to have the real
> passwords in these files?
>
> Thanks in advance!
>
> Alvim
>
> -----Mensagem original-----
> De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Enviada em: quarta-feira, 13 de abril de 2005 15:04
> Para: Tomcat Users List
> Assunto: RE: How can I create a digest password - another error
> Prioridade: Alta
>
>
>
> Dear Jerry:
>
> Thanks for the advice.
>
> I follow your advice but did not worked. I use this
>
> C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
> org.apache.catalina.realm.RealmBase -a MD5 admin
>
> And I got this error:
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> javax/management/MBeanRegistration
> at java.lang.ClassLoader.defineClass0(Native Method)
> at java.lang.ClassLoader.defineClass(Unknown Source)
> at java.security.SecureClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.defineClass(Unknown Source)
> at java.net.URLClassLoader.access$100(Unknown Source)
> at java.net.URLClassLoader$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClass(Unknown Source)
> at java.lang.ClassLoader.loadClassInternal(Unknown Source)
>
> Thanks again,
>
> Lorenzo
>
>
>
>
> -----Original Message-----
> From: J Malcolm [mailto:techstuff@malcolms.com]
> Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
> To: 'Tomcat Users List'
> Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
> list error in the Text body
>
> The problem you are hiting is due to the location of the jar file in the
> default tomcat install. You can move the jar file into the lib\common area.
>
> Frankly, I think it's much cleaner to just copy the code to create pw's into
> one of your own classes. It's only a few lines of code. Just find the
> realmbase class in the Tomcat source and clone the method.
>
> Jerry
>
> -----Original Message-----
> From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
> Sent: Wednesday, April 13, 2005 11:57 AM
> To: Tomcat Users List
> Subject: How can I create a digest password
> Importance: High
>
> Hi,
>
> I need help to generate encrypted passwords. Using the Tomcat 5's
> documentation:
>
> C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
>
> And this is the error message:
>
> "Exception in thread "main" java.lang.NoClassDefFoundError:
> org/apache/catalina/realm/RealmBase"
>
> I also checked the classpath, and Catalina.jar is in it.
> I even tried being positioned on catalina's directory.
>
> Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
>
> Thank you very much!
>
> Lorenzo
>
>
> -------------------------------------------------------------
>
> Si usted no es el destinatario indicado en este mensaje o responsable como
> persona
> de la entrega del mensaje, no debe copiar o reenviar este mensaje, por favor
> notifique
> al correo infosegura@nacion.com. Para más referencia sobre términos
> importantes
> relacionados a este correo visite
> http://www.nacion.com/disclaimer/index_es2.htm
>
> If you are not the addressee indicated in this message (or responsible for
> delivery of the
> message to such person), you may not copy or send this message to anyone,
> please notify
> to infosegura@nacion.com. Click here for important additional terms relating
> to this e-mail.
> <http://www.nacion.com/disclaimer/index_en2.htm>
>
> -------------------------------------------------------------
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RES: How can I create a digest password - digest.bat is the key!
Posted by Paulo Alvim <al...@powerlogic.com.br>.
Lorenzo,
Are you using the DBCP JDBC connection pooling (with that configuration
files in the "conf/catalina/localhost")?
We'd like to know if your approach could be used to change the "JDBC pool
configuration files" from:
<ResourceParams name="jdbc/jcompanyadmseg">
<parameter>
<name>driverClassName</name>
<value>oracle.jdbc.driver.OracleDriver</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
</parameter>
<parameter>
<name>username</name>
<value>demo3</value>
</parameter>
<parameter>
<name>password</name>
<value>mypass</value>
</parameter>
(...)
</ResourceParams>
...to something like (pass encrypted):
<ResourceParams name="jdbc/jcompanyadmseg">
<parameter>
<name>driverClassName</name>
<value>oracle.jdbc.driver.OracleDriver</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
</parameter>
<parameter>
<name>username</name>
<value>demo3</value>
</parameter>
<parameter>
<name>password</name>
<value>%$&#I(#)$</value>
</parameter>
(...)
</ResourceParams>
-----Mensagem original-----
De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Enviada em: quarta-feira, 13 de abril de 2005 17:13
Para: Tomcat Users List
Assunto: RE: How can I create a digest password - digest.bat is the key!
Prioridade: Alta
Dear Paulo:
Thanks for your comments.
What we want is to have minimum exposure to hacking.
We found out that, in the context.xml, we can specify the users.xml file,
and the digest method. So now it is possible to have a different user and
password for admin and manager, and in a separate location where
hackers -hopelly- cannot get thru.
Also in the net we found that we can generate the MD5 password using
digest.bat that is in the tomcat/bin directory. This worked perfectly!
Thanks again,
Regards,
Lorenzo Jimenez
-----Original Message-----
From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
Sent: Miércoles, 13 de Abril de 2005 02:01 p.m.
To: Tomcat Users List
Subject: [SPAM2] - RES: How can I create a digest password - another error -
Found word(s) list error in the Text body
Hi,
I don't know if it's your objective but is it possible to use MD5 to encode
passwords in the DBCP conf files?
Is there any documentation about how could we avoid to have the real
passwords in these files?
Thanks in advance!
Alvim
-----Mensagem original-----
De: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Enviada em: quarta-feira, 13 de abril de 2005 15:04
Para: Tomcat Users List
Assunto: RE: How can I create a digest password - another error
Prioridade: Alta
Dear Jerry:
Thanks for the advice.
I follow your advice but did not worked. I use this
C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar
org.apache.catalina.realm.RealmBase -a MD5 admin
And I got this error:
Exception in thread "main" java.lang.NoClassDefFoundError:
javax/management/MBeanRegistration
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
Thanks again,
Lorenzo
-----Original Message-----
From: J Malcolm [mailto:techstuff@malcolms.com]
Sent: Miércoles, 13 de Abril de 2005 11:07 a.m.
To: 'Tomcat Users List'
Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
list error in the Text body
The problem you are hiting is due to the location of the jar file in the
default tomcat install. You can move the jar file into the lib\common area.
Frankly, I think it's much cleaner to just copy the code to create pw's into
one of your own classes. It's only a few lines of code. Just find the
realmbase class in the Tomcat source and clone the method.
Jerry
-----Original Message-----
From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Sent: Wednesday, April 13, 2005 11:57 AM
To: Tomcat Users List
Subject: How can I create a digest password
Importance: High
Hi,
I need help to generate encrypted passwords. Using the Tomcat 5's
documentation:
C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd
And this is the error message:
"Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/catalina/realm/RealmBase"
I also checked the classpath, and Catalina.jar is in it.
I even tried being positioned on catalina's directory.
Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.
Thank you very much!
Lorenzo
-------------------------------------------------------------
Si usted no es el destinatario indicado en este mensaje o responsable como
persona
de la entrega del mensaje, no debe copiar o reenviar este mensaje, por favor
notifique
al correo infosegura@nacion.com. Para más referencia sobre términos
importantes
relacionados a este correo visite
http://www.nacion.com/disclaimer/index_es2.htm
If you are not the addressee indicated in this message (or responsible for
delivery of the
message to such person), you may not copy or send this message to anyone,
please notify
to infosegura@nacion.com. Click here for important additional terms relating
to this e-mail.
<http://www.nacion.com/disclaimer/index_en2.htm>
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org