You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by dk...@web.de on 2003/04/13 11:24:30 UTC

Form Based authentication and security

Hi,

I am new to tomcat. I have used the Form Based authentication successfully. But I have a problem that the username and password are in clear text in the tomcat_users.xml. Isn't that quite unsecure? If someone gets control of the server where tomcat is running, he/she get also access to the webservice... Does the j_security_check servlet also works when the passwords are encrypted? Or is the another possiblity to hide the passwords???

Thanks Dagmar
______________________________________________________________________________
UNICEF bittet um Spenden fur die Kinder im Irak! Hier online an
UNICEF spenden: https://spenden.web.de/unicef/special/?mc=021101


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org