W3C home > Mailing lists > Public > www-jigsaw@w3.org > November to December 2005

Re: Search how to crypt the authentification

From: CLOUD <cloud@madpowah.org>
Date: Thu, 08 Dec 2005 17:17:56 +0100
Message-ID: <43985CB4.7020601@madpowah.org>
To: "e.l. seielstad" <elseielstad@yahoo.com>
CC: www-jigsaw@w3.org

e.l. seielstad wrote:
>     I think the original request involves creating a way to encrypt  the admin password (and user passwords) stored in the authentication  files..
>   
>      .../Jigsaw/config/auth/*.db files contain clear-text  versions of user names and  passwords for the jigsaw server.
>   
>           --erik.
>     
> 
> Nitesh <nitesh.gulati@gmail.com> wrote:  
> I don't understand! Where is encryption in the entire deal?
> 
> Wait... are you saying that you are trying to encrypt the password in in
> setPassword() before setString() & are getting same result when encrypting
> different words?
> 
> -----Original Message-----
> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On Behalf
> Of CLOUD
> Sent: Thursday, December 08, 2005 6:22 PM
> To: William Cai
> Cc: www-jigsaw@w3.org
> Subject: Re: Search how to crypt the authentification
> 
> 
> William Cai wrote:
> 
>>Usually we calculate MD5 sum of password and store the MD5 sum. Does
>>that make sense?
>>
>>On Wed, 2005-12-07 at 23:15 +0100, CLOUD wrote:
>>
>>
>>
>>>Hi.
>>>
>>>I search how i can crypt the password of admin and users. I try to
>>>find
>>>the good class to change it but without success.
>>>Someone can help me ?
>>>
>>>Thanks 
>>
>>
> Thanks for your answer.
> 
> I don't want the algorithm but the class which stores the pass in the
> xml file and the class which auth the user when he wants to modify data,
> to add an algorithm.I've tried with the class
> org.w3c.jigsaw.auth.AuthUser.java but without success . I thought it can
> be :
> 
>  /**
>      * Get the user password.
>      */
> 
>     public String getPassword() {
>  return (String) getValue(ATTR_PASSWORD, null) ;
>     }
> 
>     /**
>      * Set a new password for this user.
>      * @param passwd The new user's password.
>      */
> 
>     public void setPassword(String passwd) {
>  setString(ATTR_PASSWORD, passwd);
>     }
> 
> but if I change passwd in setPassword()  before the setString, there is
> no change...
> 
> Thanks for your interest. 
>      Rémi Laurent
> 
> 
> 
> 
> 
> 			
> ---------------------------------
> Yahoo! Shopping
>  Find Great Deals on Holiday Gifts at Yahoo! Shopping 

Yes erik has understandood my request. I want to encrypt this clear-text
password modifying classes and of course the same thing for the
authentication. But I don't find the classes to do its.

						Rémi Laurent
Received on Thursday, 8 December 2005 16:19:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:37 GMT