> -----Original Message-----
> From: PATTUS Jean-Philippe [mailto:[EMAIL PROTECTED]]
> Sent: 12 June 2002 14:49
> To: [EMAIL PROTECTED]
> Subject: TR: Black magic Authentication Digest and JDBC Realm
> on Tomcat 4.0.3
>
>
> Nobody for my little pb, should I try black magic?
>
> > -----Original Message-----
> > From: PATTUS Jean-Philippe [SMTP:[EMAIL PROTECTED]]
> > Date: Wednesday 12 June 2002 10:46
> > To: [EMAIL PROTECTED]
> > Subject: Authentication Digest and JDBC Realm on Tomcat 4.0.3
> >
> > Hello,
> > I'm working on Tomcat 4.0.3.
> > I'm trying to put an authentication on my web app,
> > if the auth-method is BASIC and
> > the Realm is
> > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >        driverName="oracle.jdbc.driver.OracleDriver"
> >        connectionName="Name"
> >        connectionPassword="Password"
> >        connectionURL="jdbc:oracle:thin:@host:1521:toto"
> >        userTable="userTable" userNameCol="userNameCol"
> >        userCredCol="userCredCol"
> >        userRoleTable="userRole" roleNameCol="roleNameCol" />
> > it works fine.
> > But, if I replace BASIC by DIGEST, my authentication is KO. I've seen in
> > the code that
> > JDBCRealm::getPassword() always returns null!!!
> >

Just an idea (I don't know) but this could be by design - if getPassword() returns the hashed password, it's a potential security risk (an attacker would "just" need to hash a dictionary until they came across a matching hash). Not sure how JDBCRealm deals with this, though... sorry.

> > How can I configure my Tomcat in order to have JDBC Realm and Digest
> > authentication???
> >
> > Thanks
>

Well, don't know how useful I've been :(

Cheers
John

--
John Niven
Please reply through mailing list
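
Added example, not part of the thread and not Tomcat code: a sketch of the server-side check that HTTP Digest (RFC 2617) requires, showing why a realm lookup that returns nothing, or a hash in any form other than MD5(user:realm:password), can never validate a DIGEST login. The function names and the three credential stores are hypothetical; the request values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # HA1 binds user, realm and password. Apart from the cleartext password,
    # it is the only stored form from which a Digest response can be checked.
    # It is password-equivalent for this realm, so the table needs protecting.
    return md5_hex(f"{user}:{realm}:{password}")

def expected_response(ha1_hex, method, p):
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop") == "auth":
        return md5_hex(f"{ha1_hex}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1_hex}:{p['nonce']}:{ha2}")  # no qop (RFC 2069 style)

def verify(get_credential, method, p):
    """get_credential(username) is a hypothetical realm lookup: HA1 hex or None."""
    stored = get_credential(p["username"])
    if stored is None:
        return False  # nothing to compute against: every Digest login fails
    return hmac.compare_digest(expected_response(stored, method, p), p["response"])

# Sample Authorization header fields from RFC 2617 section 3.5.
REALM = "testrealm@host.com"
PASSWORD = "Circle Of Life"
REQUEST = {
    "username": "Mufasa", "uri": "/dir/index.html", "qop": "auth",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

# Three constructed credential stores.
def store_ha1(user):        # column holds MD5(user:realm:password)
    return ha1(user, REALM, PASSWORD)
def store_plain_md5(user):  # column holds MD5(password) only
    return md5_hex(PASSWORD)
def store_null(user):       # lookup yields no credential at all
    return None

def run_demo():
    stores = {"ha1": store_ha1, "plain_md5": store_plain_md5, "null": store_null}
    return {name: verify(fn, "GET", REQUEST) for name, fn in stores.items()}

if __name__ == "__main__":
    print(run_demo())
```
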