That's my question... To generate encrypt pass is like you did.
But DBCP would need to have a flag in order to decrypt the pass...I don't know if the "realm" is related to this. -----Mensagem original----- De: Lorenzo Jiménez [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 13 de abril de 2005 18:02 Para: Tomcat Users List Assunto: RE: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body Prioridade: Alta Paulo: > Are you using the DBCP JDBC connection pooling Yes, but how can I tell tomcat the password is encrypted? Using the realm? Thanks again, Lorenzo -----Original Message----- From: Paulo Alvim [mailto:[EMAIL PROTECTED] Sent: Miércoles, 13 de Abril de 2005 02:59 p.m. To: Tomcat Users List Subject: [SPAM2] - RES: How can I create a digest password - digest.bat is the key! - Found word(s) list error in the Text body Lorenzo, Are you using the DBCP JDBC connection pooling (with that configuration files in the "conf/catalina/localhost")? We'd like to know if your approach could be used to change the "JDBC pool configuration files" from: <ResourceParams name="jdbc/jcompanyadmseg"> <parameter> <name>driverClassName</name> <value>oracle.jdbc.driver.OracleDriver</value> </parameter> <parameter> <name>url</name> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value> </parameter> <parameter> <name>username</name> <value>demo3</value> </parameter> <parameter> <name>password</name> <value>mypass</value> </parameter> (...) </ResourceParams> ...to something like (pass encrypted): <ResourceParams name="jdbc/jcompanyadmseg"> <parameter> <name>driverClassName</name> <value>oracle.jdbc.driver.OracleDriver</value> </parameter> <parameter> <name>url</name> <value>jdbc:oracle:thin:@xxxxx:1521:oraplcdb</value> </parameter> <parameter> <name>username</name> <value>demo3</value> </parameter> <parameter> <name>password</name> <value>%$&#I(#)$</value> </parameter> (...) </ResourceParams> -----Mensagem original----- De: Lorenzo Jiménez [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 13 de abril de 2005 17:13 Para: Tomcat Users List Assunto: RE: How can I create a digest password - digest.bat is the key! Prioridade: Alta Dear Paulo: Thanks for your comments. What we want is to have minimum exposure to hacking. We found out that, in the context.xml, we can specify the users.xml file, and the digest method. So now it is possible to have a different user and password for admin and manager, and in a separate location where hackers -hopelly- cannot get thru. Also in the net we found that we can generate the MD5 password using digest.bat that is in the tomcat/bin directory. This worked perfectly! Thanks again, Regards, Lorenzo Jimenez -----Original Message----- From: Paulo Alvim [mailto:[EMAIL PROTECTED] Sent: Miércoles, 13 de Abril de 2005 02:01 p.m. To: Tomcat Users List Subject: [SPAM2] - RES: How can I create a digest password - another error - Found word(s) list error in the Text body Hi, I don't know if it's your objective but is it possible to use MD5 to encode passwords in the DBCP conf files? Is there any documentation about how could we avoid to have the real passwords in these files? Thanks in advance! Alvim -----Mensagem original----- De: Lorenzo Jiménez [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 13 de abril de 2005 15:04 Para: Tomcat Users List Assunto: RE: How can I create a digest password - another error Prioridade: Alta Dear Jerry: Thanks for the advice. I follow your advice but did not worked. I use this C:\>java -cp C:\Java\Tomcat5.0.28\common\lib\catalina.jar org.apache.catalina.realm.RealmBase -a MD5 admin And I got this error: Exception in thread "main" java.lang.NoClassDefFoundError: javax/management/MBeanRegistration at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(Unknown Source) at java.security.SecureClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.access$100(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) Thanks again, Lorenzo -----Original Message----- From: J Malcolm [mailto:[EMAIL PROTECTED] Sent: Miércoles, 13 de Abril de 2005 11:07 a.m. To: 'Tomcat Users List' Subject: [SPAM2] - RE: How can I create a digest password - Found word(s) list error in the Text body The problem you are hiting is due to the location of the jar file in the default tomcat install. You can move the jar file into the lib\common area. Frankly, I think it's much cleaner to just copy the code to create pw's into one of your own classes. It's only a few lines of code. Just find the realmbase class in the Tomcat source and clone the method. Jerry -----Original Message----- From: Lorenzo Jiménez [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 13, 2005 11:57 AM To: Tomcat Users List Subject: How can I create a digest password Importance: High Hi, I need help to generate encrypted passwords. Using the Tomcat 5's documentation: C:\>java org.apache.catalina.realm.RealmBase -a MD5 mypassd And this is the error message: "Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/catalina/realm/RealmBase" I also checked the classpath, and Catalina.jar is in it. I even tried being positioned on catalina's directory. Using Win XP, Tomcat 5.0.28, and j2sdk1.4.2_07. Thank you very much! Lorenzo ------------------------------------------------------------- Si usted no es el destinatario indicado en este mensaje o responsable como persona de la entrega del mensaje, no debe copiar o reenviar este mensaje, por favor notifique al correo [EMAIL PROTECTED] Para más referencia sobre términos importantes relacionados a este correo visite http://www.nacion.com/disclaimer/index_es2.htm If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or send this message to anyone, please notify to [EMAIL PROTECTED] Click here for important additional terms relating to this e-mail. <http://www.nacion.com/disclaimer/index_en2.htm> ------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]