It would be good to add a hash of the password, but this is not digest authentication as in HTTP digest authentication. For that, a server-side component must supply a challenge. This is a weak challenge, much weaker than the SRP login protocol. An HTTP digest login procedure would have to be a new client/server login module pair.
----- Original Message -----
From: "Luke Taylor" <[EMAIL PROTECTED]>
To: "JBoss Dev" <[EMAIL PROTECTED]>
Sent: Friday, December 14, 2001 12:36 PM
Subject: [JBoss-dev] Digest authentication

> Hi all,
>
> I just got a mail from a guy asking about digest authentication and if
> it would be possible to include an extra login module which provides this.
>
> It would be useful to have this available without having to supply a
> different login module, so can anyone think of any reasons for not
> modifying the existing UsernamePasswordLoginModule to optionally allow
> you to use hashed passwords by supplying an extra flag and/or algorithm?
>
> The storage format could be either base-64 or hex strings (like catalina
> uses) or the whole hashing algorithm could be pluggable...
>
> Luke.
>
> --
> Luke Taylor. Monkey Machine Ltd.
> PGP Key ID: 0x57E9523C http://www.mkeym.com
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-development
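
The distinction drawn in this thread, as an added example that is not part of either message and is not JBoss code: with hashed storage the password still arrives in the clear and only the stored copy is hashed, while a digest-style login needs a server-issued challenge. The class and method names, the SHA-256 choice and the sample values are assumptions, and the challenge-response is a simplified form, not the HTTP digest wire format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not JBoss code.
public class HashedVsChallenge {
    // Pluggable algorithm name, as the thread proposes; parts are joined with ':'.
    static byte[] hash(String alg, String... parts) throws Exception {
        return MessageDigest.getInstance(alg)
                .digest(String.join(":", parts).getBytes(StandardCharsets.UTF_8));
    }

    // Storage format: base-64 or hex strings, the two options named in the thread.
    static String encode(String encoding, byte[] b) {
        if ("base64".equals(encoding)) return Base64.getEncoder().encodeToString(b);
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static boolean same(String a, String b) { // constant-time comparison
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    // Hashed storage: the submitted password is hashed and compared to the stored value.
    static boolean checkStored(String alg, String enc, String stored, String password) throws Exception {
        return same(encode(enc, hash(alg, password)), stored);
    }

    // Challenge-response: the response is bound to the nonce the server issued.
    static String respond(String alg, String ha1, String nonce) throws Exception {
        return encode("hex", hash(alg, ha1, nonce));
    }

    public static void main(String[] args) throws Exception {
        String alg = "SHA-256"; // all values below are constructed samples
        String storedHex = encode("hex", hash(alg, "s3cret"));
        String storedB64 = encode("base64", hash(alg, "s3cret"));
        System.out.println("hex, right password:    " + checkStored(alg, "hex", storedHex, "s3cret"));
        System.out.println("base64, wrong password: " + checkStored(alg, "base64", storedB64, "wrong"));

        String ha1 = encode("hex", hash(alg, "luke", "example-realm", "s3cret"));
        byte[] n1 = new byte[16], n2 = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(n1); rnd.nextBytes(n2);
        String nonce1 = encode("hex", n1), nonce2 = encode("hex", n2);
        String response = respond(alg, ha1, nonce1); // computed on the client
        System.out.println("response vs. its own nonce:   " + same(response, respond(alg, ha1, nonce1)));
        System.out.println("replayed vs. a later nonce:   " + same(response, respond(alg, ha1, nonce2)));
    }
}
```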