Thanks everyone for your answers. I've decided to go with the *try and make a connection* combined with a filter to do my authentication. I may also try the Realm again by putting the Oracle Encrypt Function around my password field in the server.xml. I'm not sure if this will work or not.
The reason we are using Oracle Logins for each user is because the main application is all written in Oracle Stored Procedures (the stored procedures write html files, ugh). My app is an upgrade from a legacy app which has to integrate with the new app as much as possible. Thanks again, Graham -----Original Message----- From: Ralph Einfeldt [mailto:ralph.einfeldt@;uptime-isc.de] Sent: October 23, 2002 5:17 AM To: Tomcat Users List Subject: AW: Digested Passwords and Oracle 8.1.7 That solution is not recommended: - Connecting for each user counteracts the use of connection pools. For most databases connecting to a db takes much more time than performing a select on a given connection. - To implement this you have to implement your own realm, as the db realm that is delivered with tomcat assumes that user, password and roles are store in tables and are accessed through a unique database user for all requests. - Each user needs an own database account. > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] [mailto:jattwood@;hgmp.mrc.ac.uk] > Gesendet: Mittwoch, 23. Oktober 2002 09:46 > An: [EMAIL PROTECTED] > Betreff: RE: Digested Passwords and Oracle 8.1.7 > > You could get Oracle to do the work for you by trying to connect > to your database with the user's login name and password. If yu > succeed then the password was valid, otherwise it isn't. That way > you don't need to know the encryption algorithm. > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>