Outside the Cube (31)
Web publishing (134)
How to store Tomcat JDBCRealm passwords encrypted
6 comments. Current rating: (3 votes). Leave comments and/ or rate it.
Question:I am using Tomcat's JDBCRealm to store user names, passwords and roles in a mysql database. The passwords are stored in clear text. How can I change this?
Answer:This is quite easy. Below you see the definition of your realm in tomcat/conf/server.xml
You probably do not have the line that says
Add this line and tomcat expects passwords to be stored as an MD5 hash of the original password.
You also need to update any code that you have that inserts/ updates users and passwords. If you choose MD5 as suggested in the example, you can use mysql's built-in MD5() function.
insert into users(username,password) values ("mike",md5("secret"))