users@glassfish.java.net

Re: Password aliases in FileRealm

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Wed, 27 Aug 2008 16:26:36 -0700

Ryan de Laplante wrote:
> Looking at the contents of the FileRealm disk file I see the passwords
> are hashed using SSHA. I think hashes are not reversible, right? The
> app server takes the client's password input, hashes it, then compares
> to the value stored in FileRealm. Is that correct?

Yes.

>
> So, there is no need to use a password alias.

No, password aliasing has completely different connotations. For details,
see:
http://wiki.glassfish.java.net/attach/GlassFishAdministrationPages/aliased-passwords.html

Thanks,
Kedar

>
>
> Thanks,
> Ryan
>
>
> Ryan de Laplante wrote:
>> Hi,
>>
>> I use a fileRealm for HTTP BASIC authentication. I don't want to
>> enter raw passwords since they are stored in plain text (I think). I
>> was able to use password aliases to get around this problem in JCA
>> connector properties, but it does not seem to work for FileRealms.
>> I'll do some more experimenting to see if I did something wrong. It
>> would be helpful if someone can tell me a definitive YES or NO about
>> password aliases being available in security realms.
>>
>>
>> Thanks,
>> Ryan
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>