Re: [Exist-open] Internal Password Format: Password Digests

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Wolfgang Meier wrote:

> Good work! I just have one concern: the main reason for storing the
> passwords in the database as hex digest with realm was to ensure
> WebDAV conformance. WebDAV requires support for digest authentication
> (though web.xml does currently configure basic auth, but just because
> some windows clients won't accept digest). As eXist does not keep the
> clear-text password, I had to store the whole encoded realm:password
> string. Could you check org.exist.http.servlets.DigestAuthenticator to
> see if it still works or can be changed?

One line would have to change to base64 encode the digest rather
than hex.

While this change isn't necessary, I really think using base64 to
encode the digests (which are binary) is much more normal.  In the
end, you just need to have some consistent string encoding of
the password digests.

--Alex Milowski

Re: [Exist-open] Internal Password Format: Password Digests

eXist-db is a feature rich Open Source native XML database

Re: [Exist-open] Internal Password Format: Password Digests