-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leo,
On 3/24/2010 1:28 PM, Leo Donahue - PLANDEVX wrote: > I know you can specify digest for a Realm, but I don't see where I > can do that for a Resource. Note that the digest is for hashing passwords during /user/ authentication, not connecting to the database. > Do I need to leave the password of > "javadude" in the Resource in clear text, or can it be a digested > version of "javadude" in clear text in the Resource element? You cannot hash the db password. If you could, how would Tomcat decrypt it to make the connection? > The SQL table of user passwords will be in digest, but I wasn't sure > if I could use a digested password as part of the configuration for > the account that connects to the "authstore" database. Nope. Search the archives for that question being asked repeatedly, or just think about the implications of hashing a password that you want to use later. Then, think about the implications of /two-way/ encryption for a password and I think you'll see that you're just moving the problem somewhere else. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuqbDYACgkQ9CaO5/Lv0PBhHwCgqFQcdHypen2gtOfbtqjhd0IR CNUAoLT3Joi1rTnqvWC0wQ82Hls1zoK9 =uX5k -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
