DelphiFAQ Home Search:
General
    Databases (73)
    Linux (41)
        Apache (6)
        Network (11)
        shell (12)
    Outside the Cube (4640)
    Programming (679)
    Web publishing (65)
    Windows (431)

 
Exchange Links
 
About this site

Links to us


Bookmark this
Add to del.icio.us Digg! Add to Reddit Add to Yahoo MyWeb Add to Windows Live Add to Google Bookmarks Share via Facebook

How to store Tomcat JDBCRealm passwords encrypted

 

commentsThis article has not been rated yet. After reading, feel free to leave comments and rate it.

Question:

I am using Tomcat's JDBCRealm to store user names, passwords and roles in a mysql database. The passwords are stored in clear text. How can I change this?

Answer:

This is quite easy. Below you see the definition of your realm in tomcat/conf/server.xml
You probably do not have the line that says
digest=MD5

Add this line and tomcat expects passwords to be stored as an MD5 hash of the original password.

You also need to update any code that you have that inserts/ updates users and passwords. If you choose MD5 as suggested in the example, you can use mysql's built-in MD5() function.

insert into users(username,password) values ("mike",md5("secret")) 

<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="org.gjt.mm.mysql.Driver"
         connectionName="XXX" connectionPassword="YYY"
         connectionURL="jdbc:mysql://localhost/mydb"
         digest="MD5"
         userTable="users" userNameCol="username" userCredCol="password"
         userRoleTable="user_roles" roleNameCol="rolename"/>

Comments:

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as 		Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

 Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:
photo Add a picture:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity. The owner of this web site reserves the right to delete such material.