> The JDBCRealm only compares password but you can specify in > the web.xml the > algorithm you used in your table's column's passwords, it must be any > algorithm that extends java.security.something, I don't > remember very well, so, the answer is that it really encrypts.
I think what he's really asking is if the password gets encrypted during transmission not during the storage and comparator. This does not happen in the Realm api since there is no mechanism(to the best of my knowledge) except secure sockets, to protect text passed over the socket connect from the browser to the server. Once the request is received by the server encryption/decryption is easy but since browsers have no way of encrypting the data(you could write something in javascript but it wouldn't be all that secure since javascript is not a precompiled language) I'm willing to bet that the actual text sent in the request(over wire) cannot be encrypt. If anyone does figure out a way to do this it would be interesting to know (that's a hint to post it here...;). --- Michael Wentzel Software Developer Software As We Think - http://www.aswethink.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
