Scott,
   I am currently using a secure, one-way encryption method to store the 
passwords.  That is, once they're stored in the database, there is no way to 
determine what they are -- the only choice a user has if they forget it, is to 
make a new one.  This helps secure the system internally from someone looking 
up a user's password through a database tool (TORA, etc...).
  I have a customized DatabaseServerLoginModule which has a single method:

protected String convertRawPassword(String password) 

(thanks for some help from the wiki: 
http://www.jboss.org/wiki/Wiki.jsp?page=CreatingACustomLoginModule).  However, 
the password that is passed into that method seems to be the database value, 
NOT the raw password which, unfortunately, is already encrypted and not 
recoverable.  How am I supposed to encrypt the form value and encrypt it THEN 
compare it to the database value?  Is that possible?  

Thank you,
Mike

p.s. I'm off to look up the java source for the DatabaseLoginModule....

 


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3874958#3874958
