I found this provider to be a good starting point
http://www.bouncycastle.org/latest_releases.html
There are multiple classes available for Message Digest 5
http://www.bouncycastle.org/docs/docs1.5/index.html
one of which is Message Digest 5 with Data Encryption Standard
see
JCEBlockCipher.PBEWithMD5AndDES
Does this answer your question?
Um no, but thanks anyway :-) My problem was not in generating md5
hashes, but in using them in the server.xml instead of plain text
passwords for JDBC resources.
It seems this was bought up in 2002 and as no solution has been
implemented it can't be trivial. The JDBC connection pooling must
need the clear text password to establish the connection, with no
option of supplying a username and hashed password (if it could
accept a hashed version the hashed password would then become as
security sensitive as the clear text version!). The only option left
is to encode the password which would only hide it from casual
browsers and not offer any form of real security. File permissions
and server security it is then!
Thanks.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
