Posted to users@tomcat.apache.org by Lorenzo Jiménez <lj...@nacion.co.cr> on 2005/04/13 23:02:19 UTC

RE: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body

Paulo:

> Are you using the DBCP JDBC connection pooling

Yes, but how can I tell tomcat the password is encrypted?
Using the realm?

Thanks again,

Lorenzo


-----Original Message-----
From: Paulo Alvim [mailto:alvim@powerlogic.com.br] 
Sent: Wednesday, April 13, 2005 02:59 p.m.
To: Tomcat Users List
Subject: [SPAM2] - RES: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body

Lorenzo,

Are you using the DBCP JDBC connection pooling (with those configuration
files in the "conf/catalina/localhost")?

We'd like to know if your approach could be used to change the "JDBC pool
configuration files" from:

  <ResourceParams name="jdbc/jcompanyadmseg">
    <parameter>
      <name>driverClassName</name>
      <value>oracle.jdbc.driver.OracleDriver</value>
    </parameter>
    <parameter>
      <name>url</name>
      <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
    </parameter>
    <parameter>
      <name>username</name>
      <value>demo3</value>
    </parameter>
    <parameter>
      <name>password</name>
      <value>mypass</value>
    </parameter>
   (...)
  </ResourceParams>

...to something like (pass encrypted):

  <ResourceParams name="jdbc/jcompanyadmseg">
    <parameter>
      <name>driverClassName</name>
      <value>oracle.jdbc.driver.OracleDriver</value>
    </parameter>
    <parameter>
      <name>url</name>
      <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value>
    </parameter>
    <parameter>
      <name>username</name>
      <value>demo3</value>
    </parameter>
    <parameter>
      <name>password</name>
      <value>%$&#I(#)$</value>
    </parameter>
   (...)
  </ResourceParams>


-----Original Message-----
From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Sent: Wednesday, April 13, 2005 17:13
To: Tomcat Users List
Subject: RE: How can I create a digest password - digest.bat is the key!
Priority: High


Dear Paulo:

Thanks for your comments.

What we want is to have minimum exposure to hacking.

We found out that, in the context.xml, we can specify the users.xml file,
and the digest method. So now it is possible to have a different user and
password for admin and manager, and in a separate location where
hackers -hopefully- cannot get thru.

Also in the net we found that we can generate the MD5 password using
digest.bat that is in the tomcat/bin directory. This worked perfectly!

Thanks again,
Regards,

Lorenzo Jimenez



-----Original Message-----
From: Paulo Alvim [mailto:alvim@powerlogic.com.br]
Sent: Wednesday, April 13, 2005 02:01 p.m.
To: Tomcat Users List
Subject: [SPAM2] - RES: How can I create a digest password - another error -
Found word(s) list error in the Text body

Hi,

I don't know if it's your objective but is it possible to use MD5 to encode
passwords in the DBCP conf files?

Is there any documentation about how we could avoid having the real
passwords in these files?

Thanks in advance!

Alvim

-----Original Message-----
From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Sent: Wednesday, April 13, 2005 15:04
To: Tomcat Users List
Subject: RE: How can I create a digest password - another error
Priority: High



Dear Jerry:

Thanks for the advice.

I followed your advice but it did not work. I used this:

C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar org.apache.catalina.realm.RealmBase -a MD5 admin

And I got this error:

Exception in thread "main" java.lang.NoClassDefFoundError:
javax/management/MBeanRegistration
        at java.lang.ClassLoader.defineClass0(Native Method)
        at java.lang.ClassLoader.defineClass(Unknown Source)
        at java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClassInternal(Unknown Source)

Thanks again,

Lorenzo




-----Original Message-----
From: J Malcolm [mailto:techstuff@malcolms.com]
Sent: Wednesday, April 13, 2005 11:07 a.m.
To: 'Tomcat Users List'
Subject: [SPAM2] - RE: How can I create a digest password - Found word(s)
list error in the Text body

The problem you are hitting is due to the location of the jar file in the
default tomcat install.  You can move the jar file into the lib\common area.

Frankly, I think it's much cleaner to just copy the code to create pw's into
one of your own classes.  It's only a few lines of code.  Just find the
realmbase class in the Tomcat source and clone the method.

Jerry

-----Original Message-----
From: Lorenzo Jiménez [mailto:ljimenez@nacion.co.cr]
Sent: Wednesday, April 13, 2005 11:57 AM
To: Tomcat Users List
Subject: How can I create a digest password
Importance: High

Hi,

I need help to generate encrypted passwords. Using the Tomcat 5's
documentation:

C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd

And this is the error message:

"Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/catalina/realm/RealmBase"

I also checked the classpath, and Catalina.jar is in it.
I even tried being positioned on catalina's directory.

Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07.

Thank you very much!

Lorenzo


-------------------------------------------------------------

If you are not the addressee indicated in this message (or responsible for
delivery of the
message to such person), you may not copy or send this message to anyone,
please notify
to infosegura@nacion.com. Click here for important additional terms relating
to this e-mail.
<http://www.nacion.com/disclaimer/index_en2.htm>

-------------------------------------------------------------



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
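
Added example (not from the thread and not Tomcat's own source): a standalone class in the spirit of Jerry's suggestion above, computing the hex digest and doing the realm-style comparison. It assumes a modern JDK and UTF-8 encoding, the class and method names are hypothetical, and its closing comment relates this to the DBCP question raised in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example, not Tomcat source. Class and method names are hypothetical.
public class DigestPassword {

    // One-way hex digest of a password, e.g. algorithm "MD5" as in the thread.
    static String digest(String algorithm, String credentials)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest(credentials.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // Realm-style check: digest what the user typed, compare with the stored
    // digest. The cleartext password is never needed on the server side.
    static boolean matches(String algorithm, String typed, String stored)
            throws NoSuchAlgorithmException {
        byte[] a = digest(algorithm, typed).getBytes(StandardCharsets.US_ASCII);
        byte[] b = stored.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws Exception {
        String algorithm = args.length > 0 ? args[0] : "MD5";
        String password = args.length > 1 ? args[1] : "mypass"; // sample value
        String stored = digest(algorithm, password);
        System.out.println(password + ":" + stored);

        // A login attempt is verified from the digest alone.
        System.out.println("right password: " + matches(algorithm, password, stored));
        System.out.println("wrong password: " + matches(algorithm, password + "x", stored));

        // A JDBC pool is the client side of a login: it must send the real
        // password to the database, and 'stored' cannot be turned back into it,
        // so a digest cannot stand in for the pool's password value.
    }
}
```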





RES: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body

Posted by Paulo Alvim <al...@powerlogic.com.br>.
That's my question...

To generate the encrypted pass, it's like you did.

But DBCP would need to have a flag in order to decrypt the pass...I don't
know if the "realm" is related to this.
