parent
c5ffca0c75
commit
6b93a8ec9d
|
@ -22,7 +22,7 @@ There are many places where you might want to use and store a password, for exam
|
|||
Passwords can be stored in clear text, obfuscated, checksummed or encrypted in order of increasing security.
|
||||
The choice of method to secure a password depends on where you are using the password.
|
||||
In some cases, such as keystore passwords and `DIGEST` authentication, the system must retrieve the original password, which requires the obfuscation method.
|
||||
The drawback of the obfuscation algorithm is that it protects passwords from casual viewing only.
|
||||
The drawback of the obfuscation algorithm is that it protects passwords *from casual viewing only.*
|
||||
|
||||
When the stored password is compared to one a user enters, the handling code can apply the same algorithm that secures the stored password to the user input and compare results, making password authentication more secure.
|
||||
|
||||
|
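Review bot: In the reworded drawback sentence the closing `*` sits after the full stop (`*from casual viewing only.*`), so the period ends up inside the emphasis; move it outside, as in `*from casual viewing only*.`. Since the line above says this is the method used when the system must retrieve the original password, consider also stating outright that obfuscation is reversible, so the emphasised warning carries its reason with it.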
@ -37,27 +37,35 @@ Run it without arguments to see usage instructions:
|
|||
|
||||
[source, screen, subs="{sub-order}"]
|
||||
....
|
||||
|
||||
$ export JETTY_VERSION=9.0.0-SNAPSHOT
|
||||
$ java -cp lib/jetty-util-$JETTY_VERSION.jar org.eclipse.jetty.util.security.Password
|
||||
$ java -cp lib/jetty-util-{VERSION}.jar org.eclipse.jetty.util.security.Password
|
||||
|
||||
Usage - java org.eclipse.jetty.util.security.Password [<user>] <password>
|
||||
If the password is ?, the user will be prompted for the password
|
||||
|
||||
....
|
||||
|
||||
For example, to generate a secured version of the password "blah" for the user "me":
|
||||
|
||||
[source, screen, subs="{sub-order}"]
|
||||
....
|
||||
|
||||
$ export JETTY_VERSION=9.0.0.RC0
|
||||
$ java -cp lib/jetty-util-$JETTY_VERSION.jar org.eclipse.jetty.util.security.Password me blah
|
||||
$ java -cp lib/jetty-util-{VERSION}.jar org.eclipse.jetty.util.security.Password me blah
|
||||
blah
|
||||
OBF:20771x1b206z
|
||||
MD5:639bae9ac6b3e1a84cebb7b403297b79
|
||||
CRYPT:me/ks90E221EY
|
||||
....
|
||||
|
||||
If using a external tool to create/verify the MD5 hash (such as `md5sum` or `md5`), be sure to verify a carriage return (CR) or new line is not added.
|
||||
For example:
|
||||
|
||||
[source, screen, subs="{sub-order}"]
|
||||
....
|
||||
//With a CR included
|
||||
$ echo Jetty | md5sum
|
||||
bca10872e52ccc5c4a22bf23ef4d5843 *-
|
||||
|
||||
//Using the `-n` option to exclude a new line from being added.
|
||||
$ echo -n Jetty | md5sum
|
||||
95dd2e7e150f2e8a04c35a78cb15b3e5 *-
|
||||
....
|
||||
|
||||
You can now cut and paste whichever secure version you choose into your configuration file or Java code.
|
||||
|
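Review bot: The added md5sum note calls the trailing character a "carriage return (CR)" and the example comment says `//With a CR included`, but what `echo` appends is a newline (line feed), which is what the second comment correctly calls it; use "newline" in all three places so the text and the `-n` example agree. Also change "a external tool" to "an external tool". Because `echo -n` is not honoured by every shell, `printf '%s' Jetty | md5sum` would be a more portable form for the second command.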
@ -79,7 +87,7 @@ ____
|
|||
Don't forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.
|
||||
____
|
||||
|
||||
You can also use obfuscated passwords in Jetty xml files where a plain text password is usually needed.
|
||||
You can also use obfuscated passwords in Jetty xml files where a plain text password is required.
|
||||
Here's an example setting the password for a JDBC Datasource with obfuscation:
|
||||
|
||||
[source, xml, subs="{sub-order}"]
|
||||
|
|
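Review bot: In the changed sentence, "Jetty xml files" should read "Jetty XML files". With the wording now "where a plain text password is required", a short pointer back to the earlier statement that obfuscation protects "from casual viewing only" would keep readers from treating an `OBF:` value in a datasource XML file as safe to share or commit.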