| From: | "Rob Abernethy IV" <abernethy(at)dynedge(dot)com> |
|---|---|
| To: | "postgresql" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Encrypted Passwords |
| Date: | 2003-01-13 02:47:20 |
| Message-ID: | 20030113104720.M77548@dynedge.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Well, actually I *do* want to. My goal is to be able to use my existing set
of database users to authenticate to web apps running in Tomcat. Tomcat
allows you to set up a JDBC Realm for authentication, which lets you connect
to a database and use usernames and passwords from that database. The problem
is that Tomcat computes the digest without a salt and, therefore,
authentication is failing because the two digested versions of the same
password are different.
Has anyone else used postgres to set up a JDBC Realm? Can anyone suggest any
alternatives?
--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460
> "Rob Abernethy IV" <abernethy(at)dynedge(dot)com> writes:
> > Can you tell postgres *NOT* to use a salt when calculating the MD5
> > digest?
>
> No, and you wouldn't want to. The salt is an essential security
> feature.
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | sivaramk | 2003-01-13 04:18:54 | Multibyte characters in object names |
| Previous Message | Rob Abernethy IV | 2003-01-13 01:53:52 | Re: Encrypted Passwords |