Re: Encrypted Passwords

Well, actually I *do* want to.  My goal is to be able to use my existing set
of database users to authenticate to web apps running in Tomcat.  Tomcat
allows you to set up a JDBC Realm for authentication, which lets you connect
to a database and use usernames and passwords from that database.  The problem
is that Tomcat computes the digest without a salt and, therefore,
authentication is failing because the two digested versions of the same
password are different.

Has anyone else used postgres to set up a JDBC Realm?  Can anyone suggest any
alternatives?

--
Robert Abernethy IV
Dynamic Edge, Inc.
734.975.0460


> "Rob Abernethy IV" <abernethy@dynedge.com> writes:
> > Can you tell postgres *NOT* to use a salt when calculating the MD5
> > digest?
>
> No, and you wouldn't want to.  The salt is an essential security
> feature.
>
>             regards, tom lane