DelphiFAQ Home Search:



Databases
InterBase, MS-SQL, mysql, Oracle
Programming
C#, C++, Delphi, Java,
JavaScript, perl, php, Visual Basic, VBScript
Linux
Apache, Network, Shell
Web Publishing
JavaScript, perl CGI, VBScript, Web Hosting
Windows
Apache, File Types, Internet Explorer,
Network, Printing, Processes
Outside the Cube
Auto, Computer Hardware,
Finances, Dating Scams,
Household, Male Dating Scammers,
Other Scams, Travel

Articles:

This list is sorted by recent document popularity (not total page views).
New documents will first appear at the bottom.

Featured Article

How to store Tomcat JDBCRealm passwords encrypted

Question:

I am using Tomcat's JDBCRealm to store user names, passwords and roles in a mysql database. The passwords are stored in clear text. How can I change this?

Answer:

This is quite easy. Below you see the definition of your realm in tomcat/conf/server.xml
You probably do not have the line that says
digest=MD5

Add this line and tomcat expects passwords to be stored as an MD5 hash of the original password.

You also need to update any code that you have that inserts/ updates users and passwords. If you choose MD5 as suggested in the example, you can use mysql's built-in MD5() function.

insert into users(username,password) values ("mike",md5("secret"))

<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="org.gjt.mm.mysql.Driver"
          connectionName="XXX" connectionPassword="YYY"
          connectionURL="jdbc:mysql://localhost/mydb"
          digest="MD5"
          userTable="users" userNameCol="username" userCredCol="password"
          userRoleTable="user_roles" roleNameCol="rolename"/>
 

Generated 16:04:38 on Dec 21, 2014