Looking at the contents of the FileRealm disk file I see the passwords
are hashed using SSHA. I think hashes are not reversible, right? The
app server takes the client's password input, hashes it, then compares
to the value stored in FileRealm. Is that correct?
So, there is no need to use a password alias.
Thanks,
Ryan
Ryan de Laplante wrote:
> Hi,
>
> I use a fileRealm for HTTP BASIC authentication. I don't want to
> enter raw passwords since they are stored in plain text (I think). I
> was able to use password aliases to get around this problem in JCA
> connector properties, but it does not seem to work for FileRealms.
> I'll do some more experimenting to see if I did something wrong. It
> would be helpful if someone can tell me a definitive YES or NO about
> password aliases being available in security realms.
>
>
> Thanks,
> Ryan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>