> I'm using JDBC realms with Tomcat4.0 with a HTML form. My question is, does
> the password get sent over the internet in plain text format or is it
> hashed/encrypted/digested in some way?
>
> A good idea would be to digest it together with a random variable and the
> session Id using Md5 for example. Otherwise the password will be sent over
> the internet in plain text format for any hacker to grab it...

The plain ole JDBCRealm does no encryption. You'll have to extend JDBCRealm to do any encryption. JDBCRealm itself is only the server-side code; it does not have anything to do with the way the text is sent in the request.

---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com
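
The exchange above, as an added example that is not part of the original thread or of Tomcat's code: it builds the body a servlet FORM login posts (`j_username` / `j_password` to `j_security_check`), shows that the password is readable from it whatever the realm does server-side, and then models the digest-with-random-value-and-session-id idea from the question. The function names, sample credentials and session id are constructed for illustration, and MD5 is used only because the question names it.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed sample values, not taken from the thread.
USER, PASSWORD, SESSION_ID = "alice", "s3cret-example", "A1B2C3D4E5F6"


def form_login_body(username, password):
    """Body a browser POSTs to j_security_check for servlet FORM auth."""
    return urlencode({"j_username": username, "j_password": password})


def password_visible_on_wire(body):
    """What anyone who can read an unencrypted request sees in that body."""
    return parse_qs(body)["j_password"][0]


def client_response(password, nonce, session_id):
    """Scheme from the question: digest of password, random value, session id."""
    material = f"{password}:{nonce}:{session_id}".encode()
    return hashlib.md5(material).hexdigest()


def server_verify(stored_password, nonce, session_id, response):
    """Server recomputes the digest for the nonce it issued.

    Note the server needs the cleartext password (or an equivalent secret)
    to do this, so it cannot store only a one-way digest in the JDBC table.
    """
    expected = client_response(stored_password, nonce, session_id)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    body = form_login_body(USER, PASSWORD)
    print("plain form body:      ", body)
    print("readable from request:", password_visible_on_wire(body))

    nonce = secrets.token_hex(16)          # issued per login attempt
    resp = client_response(PASSWORD, nonce, SESSION_ID)
    print("digest response:      ", resp)
    print("verifies, same nonce: ", server_verify(PASSWORD, nonce, SESSION_ID, resp))
    # A captured response is useless once the server issues a fresh nonce.
    fresh = secrets.token_hex(16)
    print("replayed, new nonce:  ", server_verify(PASSWORD, fresh, SESSION_ID, resp))
```

The digest exchange only hides the password field: the session id and everything sent after login still travel unencrypted unless the connection itself is encrypted.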
