1 Reply Latest reply on Mar 25, 2004 10:53 PM by pearl81

    storing encrypted password?

    jkim9

      Trying to set up a JBoss Server that is accessed by the client using JAAS. I'd like to store passwords on the server. I noticed the users.properties file contains passwords, but it's a flat text file where anyone who has the right to view that file can see everyone's password... Is there a way to encrypt this file or the passwords? How about passwords in a database?

        • 1. Re: storing encrypted password?
          pearl81

          You can store the MD5 hash of the password instead of the password itself.

          Hence instead of storing

          hellouser=hellopassword

          you can store

          hellouser=<MD5 Hash of the hellopassword in base64 or hex format>

          and then in your login-config.xml you can mention the following for your JAAS group

          <application-policy name="HelloGroup">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag="required">
                <module-option name="usersProperties">users.properties</module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="hashEncoding">hex</module-option>
                <module-option name="unauthenticatedIdentity">nobody</module-option>
              </login-module>
            </authentication>
          </application-policy>
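
An added example, not part of the original reply and not JBoss code: one way to turn plaintext `user=password` lines into the hex-hashed form the configuration above expects, using only the JDK. The class and method names are hypothetical, and it assumes the login module hashes the UTF-8 bytes of the password and compares against lowercase hex.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class HashUsersProperties {
    // Hash a password and hex-encode it (lowercase). The algorithm name must be the
    // string set as hashAlgorithm in login-config.xml. Assumption: UTF-8 password bytes.
    static String hashHex(String algorithm, String password) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // Rewrite "user=password" lines as "user=<hex hash>"; comments and blanks pass through.
    // Simplification: .properties backslash escapes are not interpreted.
    static List<String> hashLines(String algorithm, List<String> lines) throws Exception {
        List<String> out = new ArrayList<>();
        for (String line : lines) {
            String t = line.trim();
            int eq = t.indexOf('=');
            if (t.isEmpty() || t.startsWith("#") || eq < 1) {
                out.add(line);
                continue;
            }
            // Split on the first '=' only: a password may itself contain '='.
            out.add(t.substring(0, eq).trim() + "=" + hashHex(algorithm, t.substring(eq + 1)));
        }
        return out;
    }

    // The check a hashed store implies: hash the submitted password, compare with the stored value.
    static boolean matches(String algorithm, String submitted, String storedHex) throws Exception {
        return MessageDigest.isEqual(hashHex(algorithm, submitted).getBytes(StandardCharsets.US_ASCII),
                storedHex.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input in the users.properties format from the post.
        List<String> plain = Arrays.asList("# constructed sample", "hellouser=hellopassword", "other=p=ss word");
        List<String> hashed = hashLines("MD5", plain);
        hashed.forEach(System.out::println);
        String stored = hashed.get(1).substring("hellouser=".length());
        System.out.println(matches("MD5", "hellopassword", stored));
        System.out.println(matches("MD5", "wrongpassword", stored));
    }
}
```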