- From: CLOUD <cloud@madpowah.org>
- Date: Thu, 08 Dec 2005 21:12:13 +0100
- To: Yves Lafon <ylafon@w3.org>
- CC: Nitesh <nitesh.gulati@gmail.com>, "'e.l. seielstad'" <elseielstad@yahoo.com>, www-jigsaw@w3.org
Thank you for your help.
Yves Lafon wrote:
>
> On Thu, 8 Dec 2005, Nitesh wrote:
>
>>
>> I'm not quite sure if I still understand your problem well enough.
>>
>> Anyway, see if this helps:
>> http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
>>
>> Lastly, I recommend Hashing for passwords used in internet applications!
>>
>> Let me know if it helps or if you need more related info! Good Luck!
>
>
> Bear in mind that Basic auth in HTTP use login password in clear text
> (well, base64 encoded for that matters but still), in that case it is
> easy to store locally in md5 but as all that is required is to sniff the
> network...
> For Digest auth, a part of the hash requires the passwd in clear text on
> both side
> A1 = unq(username-value) ":" unq(realm-value) ":" passwd
>
>> -----Original Message-----
>> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
>> Behalf
>> Of CLOUD
>> Sent: Thursday, December 08, 2005 9:48 PM
>> To: e.l. seielstad
>> Cc: www-jigsaw@w3.org
>> Subject: Re: Search how to crypt the authentification
>>
>>
>> e.l. seielstad wrote:
>>
>>> I think the original request involves creating a way to encrypt the
>>
>> admin password (and user passwords) stored in the authentication files..
>>
>>>
>>> .../Jigsaw/config/auth/*.db files contain clear-text versions of
>>
>> user names and passwords for the jigsaw server.
>>
>>>
>>> --erik.
>>>
>>>
>>> Nitesh <nitesh.gulati@gmail.com> wrote:
>>> I don't understand! Where is encryption in the entire deal?
>>>
>>> Wait... are you saying that you are trying to encrypt the password in in
>>> setPassword() before setString() & are getting same result when
>>> encrypting
>>> different words?
>>>
>>> -----Original Message-----
>>> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
>>
>> Behalf
>>
>>> Of CLOUD
>>> Sent: Thursday, December 08, 2005 6:22 PM
>>> To: William Cai
>>> Cc: www-jigsaw@w3.org
>>> Subject: Re: Search how to crypt the authentification
>>>
>>>
>>> William Cai wrote:
>>>
>>>> Usually we calculate MD5 sum of password and store the MD5 sum. Does
>>>> that make sense?
>>>>
>>>> On Wed, 2005-12-07 at 23:15 +0100, CLOUD wrote:
>>>>
>>>>
>>>>
>>>>> Hi.
>>>>>
>>>>> I search how i can crypt the password of admin and users. I try to
>>>>> find
>>>>> the good class to change it but without success.
>>>>> Someone can help me ?
>>>>>
>>>>> Thanks
>>>>
>>>>
>>>>
>>> Thanks for your answer.
>>>
>>> I don't want the algorithm but the class which stores the pass in the
>>> xml file and the class which auth the user when he wants to modify data,
>>> to add an algorithm.I've tried with the class
>>> org.w3c.jigsaw.auth.AuthUser.java but without success . I thought it can
>>> be :
>>>
>>> /**
>>> * Get the user password.
>>> */
>>>
>>> public String getPassword() {
>>> return (String) getValue(ATTR_PASSWORD, null) ;
>>> }
>>>
>>> /**
>>> * Set a new password for this user.
>>> * @param passwd The new user's password.
>>> */
>>>
>>> public void setPassword(String passwd) {
>>> setString(ATTR_PASSWORD, passwd);
>>> }
>>>
>>> but if I change passwd in setPassword() before the setString, there is
>>> no change...
>>>
>>> Thanks for your interest.
>>> Rémi Laurent
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------
>>> Yahoo! Shopping
>>> Find Great Deals on Holiday Gifts at Yahoo! Shopping
>>
>>
>> Yes erik has understandood my request. I want to encrypt this clear-text
>> password modifying classes and of course the same thing for the
>> authentication. But I don't find the classes to do its.
>>
>> Rémi Laurent
>>
>>
>>
>
Received on Thursday, 8 December 2005 20:14:19 UTC