On Fri, 2 Aug 2002, Jacob Kjome wrote:
>
> Can someone comment on this? I'd really like to know if I can digest
> the passwords that I use for my configuration in the Server.xml for
> DBCP Datasources. Is it possible? If not, is it planned?
>
> Thursday, August 01, 2002, 1:00:16 PM, you wrote:
>
> JK> Seems to me someone wrote about this before, but I can't find it. I'm
> JK> wondering if passwords can be digested in JNDI Resource configuration
> JK> just like one can in the Realm configurations? I'd rather not store
> JK> the password for my database in cleartext. The Resource docs don't
> JK> seem to mention anything about digesting passwords. Is it not
> JK> possible? If not now, is this feature planned? I'm using
> JK> Tomcat-4.1.8.
>
> JK> Jake
>
>
I am not really sure what you are talking about, but if you store a
password that you will later use to connect to a database, you cannot
store a digest. There is no way a program can reproduce the password it
needs when connecting if it has just a digest. With digests you can only
check that a submitted password produces the same digest.
Markus
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
