First authentication is done so that if in the browser exists relevant
HTTP COOKIE and validation of that cookie is done then page should be
shown.
How to do that I do not know from the tomcat point of view.
Is there any possiblity how to check valid HTTP COOKIE otherwise
showing loging page.
If HTTP COOKIE is not existing than logging has to be done over my one program.
How to do that I do not know as well.
Are there any examples?
2011/6/13 Petr Hracek <phrac...@gmail.com>:
> First authentication is done so that if in the browser exists relevant
> HTTP COOKIE and validation of that cookie is done then page should be
> shown.
>
>
> 2011/6/12 Mark Thomas <ma...@apache.org>:
>> On 12/06/2011 20:29, Pid wrote:
>>> On 12/06/2011 17:12, Petr Hracek wrote:
>>>> And what about in case that I have my own program for accessing to the
>>>> specific
>>>> databases where the passwords are stored as hashes?
>>>>
>>>> Are there any possibilities how to run that program for getting unhashed
>>>> password from database?
>>>
>>> Why not hash the inbound password, then send & compare it against the
>>> one in the DB, rather than decoding it?
>>>
>>> The Realm implementations can handle this, if you're using a standard
>>> hashing method that Java recognises.
>>>
>>> Hopefully you've not invented your own hashing method.
>>
>> Hmm. Hash functions are meant to be one way. It should be impossible to
>> retrieve an unhashed password from the database.
>>
>> I hope that the original description is inaccurate rather than an
>> example of (yet another) badly broken home-grown security solution that
>> needs to be thrown away.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>
>
> --
> Best Regards / S pozdravem
> Petr Hracek
>
--
Best Regards / S pozdravem
Petr Hracek
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
