password encryption in Tomcat

 
domestique jackson
Greenhorn
Posts: 10
The default Tomcat password storage file stores passwords in unencrypted, plain text.
Could the experienced ranchers suggest "how to" encrypt and store encrypted passwords, and how to "hide" the encryption key?
Any links to solutions would be helpful too.
Thanks,
/dj.
 
Hartmut Ludwig
Ranch Hand
Posts: 51
A possible solution would be to encrypt the password using MD5 and save the MD5 hash instead. This method is also used by UNIX/Linux to encrypt the passwords of users.
There is no need to decrypt them (so you don't need keys and stuff). The method is: if a user wants to log in, the password they enter is encrypted with MD5 as well and both encrypted versions are compared. If it fits - everything is OK. That's an easy method and quite resistant against brute force, if you choose a good password.
I use this MD5 implementation written by Santeri Paavolainen.
sl
Hartmut
 