This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes password encryption in Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "password encryption in Tomcat" Watch "password encryption in Tomcat" New topic

password encryption in Tomcat

domestique jackson

Joined: Aug 29, 2002
Posts: 10
The default Tomcat password storage file stores passwords in unencrypted, plain text.
Could the experienced ranchers suggest "how to" encrypt and store encrypted passwords. And how to "hide" the encryption key?
Any links to solutions would be helpfut too.
Hartmut Ludwig
Ranch Hand

Joined: Aug 31, 2002
Posts: 51
A possible solution would be to encrypt the Password using MD5 and saving the MD5 hash instead. This method is also used by UNIX/Linux to encrypt the passwords of users.
There is no need to decrypt them (so you don't need keys and stuff). The method is: if a user wants to login the passwort it enters is encrypted with MD5 as well and both encrypted versions are compared. If it fits - everything is ok. That's an easy method and quite resistant against brute force, if you choose a good password.
I use this MD5 implementation written by Santeri Paavolainen.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: password encryption in Tomcat
Similar Threads
Using Encryption/decryption for password in FORM-based JAAS in struts application
encrypt the password in context.xml
How to Decrypt password
how to get parameters and its values of apache tomcat server
Hide password in Mozilla's Http Header plugin