Password aliases in FileRealm

Hi,

I use a fileRealm for HTTP BASIC authentication. I don't want to enter
raw passwords since they are stored in plain text (I think). I was able
to use password aliases to get around this problem in JCA connector
properties, but it does not seem to work for FileRealms. I'll do some
more experimenting to see if I did something wrong. It would be helpful
if someone can tell me a definitive YES or NO about password aliases
being available in security realms.

Thanks,
Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net

Ryan de Laplante

Looking at the contents of the FileRealm disk file I see the passwords
are hashed using SSHA. I think hashes are not reversible, right? The
app server takes the client's password input, hashes it, then compares
to the value stored in FileRealm. Is that correct?

So, there is no need to use a password alias.

Thanks,
Ryan

Kedar Mhaswade

Ryan de Laplante wrote:
> Looking at the contents of the FileRealm disk file I see the passwords
> are hashed using SSHA. I think hashes are not reversible, right? The
> app server takes the client's password input, hashes it, then compares
> to the value stored in FileRealm. Is that correct?

Yes.

>
> So, there is no need to use a password alias.

No, password aliasing has completely different connotations. For details,
see:
http://wiki.glassfish.java.net/attach/GlassFishAdministrationPages/alias...

Thanks,
Kedar