From: Scott M S. <sco...@at...> - 2003-04-09 16:07:45
From the admin/devel book or the quick start guide:

The supported DatabaseServerLoginModule login module configuration options include the following:
...
hashAlgorithm=string: The name of the java.security.MessageDigest algorithm to use to hash the password. There is no default so this option must be specified to enable hashing. When hashAlgorithm is specified, the clear text password obtained from the CallbackHandler is hashed before it is passed to UsernamePasswordLoginModule.validatePassword as the inputPassword argument. The expectedPassword as obtained from the database must be comparably hashed.

hashEncoding=base64|hex: The string format for the hashed pass and must be either "base64" or "hex". Base64 is the default.

hashCharset=string: The encoding used to convert the clear text password to a byte array. The platform default encoding is the default.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message -----
From: "Randall Svancara" <sva...@ve...>
To: <jbo...@li...>
Sent: Wednesday, April 09, 2003 8:14 AM
Subject: [JBoss-user] enabling digest="md5" for mysql

> I am new to JBOSS, however, I have successfully set up user authentication
> using mysql using the following code in the login-config.xml:
>
> <!-- Added April 1, 2003 admin authentication policy -->
> <application-policy name = "admin">
>   <authentication>
>     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
>       <module-option name = "dsJndiName">java:/MySqlDS</module-option>
>       <module-option name = "principalsQuery">select password from jbossdb.user where email=?</module-option>
>       <module-option name = "rolesQuery">select role, 'Roles' from userrole where email=?</module-option>
>     </login-module>
>   </authentication>
> </application-policy>
>
> I have also added the correct xml code to the jboss-web.xml and web.xml
> files in the WEB-INF directory for basic authentication. However, I have
> noticed that the passwords are stored un-encrypted in the mysql database.
> How and What file do I enable encryption so that I am not storing
> un-encrypted passwords in the mysql database.
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> --
> Randall
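
The reply above says the value in the database must be hashed the same way the login module hashes the typed password. As an added example (not from the original thread and not JBoss code), this Java class computes that stored value from the three quoted options; the class name, method name, sample password and lower-case hex output are assumptions made for illustration.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64; // Java 8 or later

// Added example, not JBoss code: computes the string to store in the
// password column so that it matches the hash of the typed password.
public class StoredPasswordHash {

    // Parameter names mirror the module options quoted in the reply.
    static String hash(String clearText, String hashAlgorithm,
                       String hashEncoding, String hashCharset)
            throws NoSuchAlgorithmException {
        // hashCharset: how the clear text password becomes a byte array.
        byte[] bytes = clearText.getBytes(Charset.forName(hashCharset));
        // hashAlgorithm: a java.security.MessageDigest algorithm name.
        byte[] digest = MessageDigest.getInstance(hashAlgorithm).digest(bytes);
        // hashEncoding: string form of the digest, "base64" or "hex".
        if ("base64".equalsIgnoreCase(hashEncoding)) {
            return Base64.getEncoder().encodeToString(digest);
        }
        if ("hex".equalsIgnoreCase(hashEncoding)) {
            // Assumption: lower-case hex; use whatever case the column holds.
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b & 0xff));
            }
            return sb.toString();
        }
        throw new IllegalArgumentException("hashEncoding must be base64 or hex");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password containing one non-ASCII character.
        String password = "p\u00e4ssword";
        for (String charset : new String[] {"UTF-8", "ISO-8859-1"}) {
            for (String encoding : new String[] {"base64", "hex"}) {
                System.out.printf("MD5 %-6s %-10s %s%n", encoding, charset,
                        hash(password, "MD5", encoding, charset));
            }
        }
    }
}
```

The two charsets produce different digests for the same non-ASCII password, so the tool that writes the database and the hashCharset option need to agree on one encoding instead of each relying on its platform default.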