[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] "the password must be in a recoverable format"
|
Guy,
With DIGEST authentication, the server has to calculate a digest using the
info supplied in the authentication request, so the stored password has to
be recoverable in order to be able to be used in the digest.
Jan
On 5 November 2011 05:29, Guy Hillyer <jetty-users@xxxxxxxxxxxxxx> wrote:
> The javadoc for HashLoginService contains this caveat:
>
> "If DIGEST Authentication is used, the password must be in a
> recoverable format, either plain text or OBF."
>
> However this doesn't appear to be true, as using an MD5 hash seems to
> work just fine.
>
> The same note appears in javadoc for PropertyUserStore, and again in
> a comment in the distributed example realm.properties file.
>
> I'll file a doc bug report unless someone tells me I'm off in the weeds
> (always a possibility).
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>