https://issues.apache.org/bugzilla/show_bug.cgi?id=53785
--- Comment #7 from Mark Thomas <ma...@apache.org> --- (In reply to comment #5) > This then brings up the fact that RealmBase seems like the most reasonable > place to do all of this, except that nobody really wants to extend RealmBase > because the real action is in the realm implementations (DataSourceRealm, > JNDIRealm, etc.). If the "hashing stuff" could be isolated from RealmBase, > then we could make it pluggable such that users could use a DataSourceRealm > or JNDIRealm but also plug-in a bcrypt implementation for the > password-hashing work. > > I'd like to reopen this unless there are any strong objections. I have no issue with refactoring to make Realms easier to extend (for better digests or for any other reason) subject to the usual issues regarding backwards compatibility. I not so keen on including jBCrypt (or any other library) without a much stronger demand for it. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org