2014-09-29 14:43 GMT+04:00 Mark Thomas <ma...@apache.org>: > On 27/09/2014 15:52, Konstantin Kolinko wrote: >> Hi! >> >> 1). If I run any of the following: >> digest.bat -a foo >> digest.bat -a md5 foo >> (....)
>> 4) The current javadoc for RealmBase.main() says that algorithm (-a) >> is not required and "If not specified a default of SHA-512 will be >> used." >> >> I wonder whether that is justified. > > That is what is currently implemented. Happy to discuss changes but > SHA-512 doesn't seem unreasonable to me. I think there is a contradiction between -a <algorithm> and -h <credential handler implementation class> keys: 1) If -h is used I think it shall default to whatever default algorithm the credential handler implements. 2) Custom credential handler implementations may lack setAlgorithm() method. I think that one of (-a, -h) is required, with no default for either. The old code had no default for algorithm. > String encoding = "UTF-8"; I think it shall use system encoding, because the value is passed on the command line and is not read from file etc. The old code used system encoding by default. The system encoding is what the system uses, so it is reasonable. Note the following text (I am linking to Tomcat 7 docs), -> Realms and AAA -> Common Features -> Digested passwords http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Digested_Passwords [quote] Non-ASCII usernames and/or passwords are supported using CATALINA_HOME/bin/digest.[bat|sh] -a {algorithm} -e {encoding} {input} but care is required to ensure that the non-ASCII input is correctly passed to the digester. The digester returns {input}:{digest}. If the input appears corrupted in the return, the digest will be invalid. [/quote] BTW, That chapter in realm-howto in Tomcat 8 needs an update for the new features of digest.sh / RealmBase.main(). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org