Right now I am using j_security_check and MD5 to authenticate my JSP pages. I would like to salt the password before I store it in the database. Due to restricted access at school, I do not have rights to create a trigger to inject some salt. Is there any other way to do this?
Here is my realm:
<Realm
    className="org.apache.catalina.realm.JDBCRealm"
    driverName="com.mysql.jdbc.Driver"
    connectionURL="jdbc:mysql://someurl"
    connectionName="name"
    connectionPassword="password"
    userTable="name.users"
    userNameCol="user_name"
    userCredCol="user_password"
    userRoleTable="name.users"
    roleNameCol="role"
    digest="MD5"
/>
Quickly said: “No, you can’t. At least, not simply.”
In fact, digests are handled by the public static final Digest(String credentials, String algorithm, String encoding) method in the org.apache.catalina.realm.RealmBase class, from which your JDBCRealm class inherits. This Digest method directly calls a MessageDigest instance, which can be used only with “MD5”, “SHA-1” and “MD2”, I think. So, you can’t do anything to your password before or after applying your MD5 algorithm. But you can implement a provider to have the algorithm you want. But I warn you, that’s not so simple.
And by the way, I’d personally prefer to have a SHA-1 hashed password than an MD5 one, even if it’s salted 🙂