DelphiFAQ Home Search:
General :: Linux
General Linux help.

Articles:

This list is sorted by recent document popularity (not total page views).
New documents will first appear at the bottom.

Featured Article

How to store Tomcat JDBCRealm passwords encrypted

Question:

I am using Tomcat's JDBCRealm to store user names, passwords and roles in a mysql database. The passwords are stored in clear text. How can I change this?

Answer:

This is quite easy. Below you see the definition of your realm in tomcat/conf/server.xml
You probably do not have the line that says
digest=MD5

Add this line and tomcat expects passwords to be stored as an MD5 hash of the original password.

You also need to update any code that you have that inserts/ updates users and passwords. If you choose MD5 as suggested in the example, you can use mysql's built-in MD5() function.

insert into users(username,password) values ("mike",md5("secret"))

<Realm className="org.apache.catalina.realm.JDBCRealm" driverName="org.gjt.mm.mysql.Driver"
          connectionName="XXX" connectionPassword="YYY"
          connectionURL="jdbc:mysql://localhost/mydb"
          digest="MD5"
          userTable="users" userNameCol="username" userCredCol="password"
          userRoleTable="user_roles" roleNameCol="rolename"/>
 

Generated 20:00:50 on Nov 21, 2017