thanks for your replying.
Now It works if I specify the alg with "MD5",but still does not work with "SHA".
and I do not know what does the middle field of "zhangzhongl:JDBCRealm:secret"
means,that is,the "JDBCRealm",is it a unchangeable part?I do not think so,for
the Tomcat docs give an example of "localhost:8080",but when I changed it to
that,my app does not works.
And further more,the application has the functions of modifying password and
new a user,so I have to deal with the transport of these passwords,too.I
planned to user javascript to encrypt the password at these situations,is it a
way worth to try?
what about encrypting the password use javascript at the login page?is it
safe?what I am afraid is someone get the
RequestURL,username,password(encrypted),and he write an form,then he can login
to my application.Is it possible for some badguy to do this?
I know the SSL communication is the best way,while the pity is that I am not
allowed to use it.
thanks so much for helping me to solve this problem,it confused me for couple
of days.
_________________________________________________________________
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
