-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roger,

Roger Parkinson wrote:
> Think about it the other way around. User types cleartext password,
> tomcat's authentication digests it and then compares with what is on the
> database.

They're talking about HTTP Auth, not Realms and stuff like that. You are
talking about using a crypto digest of passwords in a database. HTTP
DIGEST is different from that:

http://en.wikipedia.org/wiki/Digest_access_authentication

Unfortunately, when using DIGEST authentication, the server either needs
to store the cleartext password or be very careful about retaining
special information that is relevant to DIGEST auth.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHJ7Ej9CaO5/Lv0PARAitzAJwPmlCeKlMvZmFa+v7YfJX0XAW2KgCgkiK/
w/GERCvz4C4LArHnlQDKbJ8=
=eYNx
-----END PGP SIGNATURE-----
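
The difference described in the reply above, as an added example that is not part of the original message or of Tomcat's code. It assumes the "special information" is RFC 2617's HA1 value, MD5(username:realm:password), which the message does not name; the user, realm, password and nonce values are constructed.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_ha1(username: str, realm: str, password: str) -> str:
    # HA1 = MD5(username:realm:password). Assumed here to be the "special
    # information" a server can keep instead of the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    # RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_value: str, response: str, **req: str) -> bool:
    # The server recomputes the response from whatever it has stored.
    expected = digest_response(stored_value, **req)
    return hmac.compare_digest(expected, response)


# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD = "alice", "example-realm", "correct horse"
REQ = dict(method="GET", uri="/app/index.jsp",
           nonce="dcd98b7102dd2f0e", nc="00000001", cnonce="0a4f113b")


def demo() -> dict:
    good = digest_response(compute_ha1(USER, REALM, PASSWORD), **REQ)
    bad = digest_response(compute_ha1(USER, REALM, "wrong"), **REQ)
    return {
        # Store holds HA1: the server can check the client's response.
        "ha1_store_accepts": server_verify(compute_ha1(USER, REALM, PASSWORD), good, **REQ),
        # Store holds MD5(password), the database-digest scheme from the
        # quoted text: the same correct response cannot be verified.
        "password_hash_store_accepts": server_verify(md5_hex(PASSWORD), good, **REQ),
        "wrong_password_accepts": server_verify(compute_ha1(USER, REALM, PASSWORD), bad, **REQ),
    }


if __name__ == "__main__":
    print(demo())
```

The stored HA1 is all that is needed to compute a valid response for that realm, so it has to be protected like the cleartext password.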

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org