Hi,
I've set up Tomcat 3.3 and almost everything works fine.
I've set up a MySQL database 'authority' to authenticate against
in a simple test web application. And now I have the following question
and maybe someone can help me.
I don't like having passwords on my filesystem readable to people
who have file access. If I'm using SimpleRealm I have users/passwords
in clear text in a file and that's not secure. If I use
JDBCRealm I can store encrypted passwords in the table, but I don't
know how Tomcat can read them. So in the table I have to use
passwords that are not encrypted.
On the other hand, if I let Tomcat
connect to the database as user 'tomcat', for example, with some
password, anyone who finds out about the password will
be able to connect to the database and read all the authentication
information without a problem.
So my question is:
Is there any way to use password encryption in Tomcat's
authentication mechanism?
I'd greatly appreciate any help,
Yours Dirk