Hello everyone! I was recently reading this mailing list and found the
question by
jonmcalexander<https://www.mail-archive.com/search?l=users@tomcat.apache.org&q=from:%22jonmcalexander%22>
about currently supported digest algorithms. Looking through the replies, I found
a great presentation by Christopher Schultz about credential security. I have
one question, though:
if I have my credentials stored in a DataSourceRealm with the old MD5 digest set
up like this
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/****" digest="MD5" roleNameCol="RoleName"
       userCredCol="PWD" userNameCol="UserName" userRoleTable="educ.ad_UserRoles"
       userTable="educ.ad_Users"/>
where PWD is the column name which stores the MD5 hash,
how do I specify the column where the more secure PBKDF2 version of the password
is stored (if I want to keep the old MD5 as a fallback option),
with the more secure configuration example like this one (copied directly from
the presentation slides)?


<Realm className="org.apache.catalina.realm.DataSourceRealm"...>
  <CredentialHandler className="org.apache.catalina.realm.NestedCredentialHandler">
    <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler" />
    <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                       algorithm="MD5" />
  </CredentialHandler>
</Realm>

Or do I just need to increase the size of the PWD column to fit the new PBKDF2
hash, so that PWD would store either MD5 or PBKDF2 depending on whether the user
has changed their password or not?


  • Tomcat nested Усманов Азат Анварович

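Added example, not part of the original post and not Tomcat's own code: a small Python model of how a NestedCredentialHandler tries each nested handler in turn against the one stored credential value, so a single PWD column can hold either format, along with the column width each format needs. It assumes the SecretKeyCredentialHandler defaults (PBKDF2WithHmacSHA1, 20000 iterations, 32-byte salt, 160-bit key) and the hex `salt$iterations$hash` stored form; the passwords are constructed sample values.

```python
import hashlib
import hmac
import os

# Assumed SecretKeyCredentialHandler defaults (not stated in the post).
ITERATIONS, SALT_BYTES, KEY_BYTES = 20000, 32, 20

def md5_stored(password):
    """Legacy digest="MD5" value: unsalted hex MD5, always 32 characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def pbkdf2_stored(password, salt=None, iterations=ITERATIONS):
    """Assumed PBKDF2 stored form: hex(salt)$iterations$hex(derived key)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                              iterations, KEY_BYTES)
    return "%s$%d$%s" % (salt.hex(), iterations, key.hex())

def pbkdf2_matches(password, stored):
    parts = stored.split("$")
    if len(parts) != 3:
        return False          # e.g. a legacy MD5 value: not this handler's format
    try:
        salt, iterations = bytes.fromhex(parts[0]), int(parts[1])
        expected = bytes.fromhex(parts[2])
    except ValueError:
        return False
    if iterations < 1 or not expected:
        return False
    key = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                              iterations, len(expected))
    return hmac.compare_digest(key, expected)

def md5_matches(password, stored):
    # Simplification: this model treats any "$"-delimited value as non-MD5.
    if "$" in stored:
        return False
    return hmac.compare_digest(md5_stored(password).encode("ascii"),
                               stored.lower().encode("utf-8"))

def nested_matches(password, stored):
    """Try handlers in nesting order; return the name of the first match."""
    for name, handler in (("PBKDF2", pbkdf2_matches), ("MD5", md5_matches)):
        if handler(password, stored):
            return name
    return None
```

Under these assumptions a PBKDF2 value is 111 characters against 32 for MD5, and the rows still matched by the MD5 handler are the ones that have not yet been re-hashed.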