2013/11/20 <williamissey...@tsys.com>:
Is there any way to not have the password visible in the realm for example for active directory realm?
. . . On 11/20/13 12:36 AM, Konstantin Kolinko wrote:
https://wiki.apache.org/tomcat/FAQ/Password
Harrumph. It occurs to me that if Tomcat stored passwords the way OS/400 does (i.e., as a one-way hash), it would solve a multitude of problems.
Of course, the far greater problem is that if somebody can get at your password file for nefarious purposes, then they can also most likely get at your SSL keystore for nefarious purposes, and a one-way hash wouldn't work for that.
-- JHHL --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
