
Difference between revisions of "Jetty/Howto/Secure Passwords"

(New page: {{Jetty Howto | introduction = There are many places where you need to use and store a password, for example for the How to configure SSL connectors and user passwords...)
 
Line 2: Line 2:
 
| introduction =
 
| introduction =
  
There are many places where you need to use and store a password, for example for the [[Jetty/Howto/SSL|How to configure SSL]] connectors and user passwords in [[Jetty/Feature/Realms|Realms]].
+
There are many places where you need to use and store a password, for example for the [[Jetty/Howto/SSL|How to configure SSL]] connectors, and for user passwords in realms.
  
 
Passwords can be stored in *clear text*, *obfuscated*, *checksummed* or *encrypted* in order of increasing security.
 
Passwords can be stored in *clear text*, *obfuscated*, *checksummed* or *encrypted* in order of increasing security.
| steps = (required)
+
| steps =
Jetty provides a [http://dev.eclipse.org/viewcvs/index.cgi/jetty/trunk/jetty-http/src/main/java/org/eclipse/jetty/http/security/Password.java?root=RT_Jetty&view=log password utility ] that can be used to generate all varieties of passwords.
+
Jetty provides a [http://dev.eclipse.org/viewcvs/index.cgi/jetty/trunk/jetty-http/src/main/java/org/eclipse/jetty/http/security/Password.java?root=RT_Jetty&view=log password utility] that can be used to generate all varieties of passwords.
  
 
Run it without arguments to see usage instructions:
 
Run it without arguments to see usage instructions:
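Review bot: the rewritten introduction line drops the [[Jetty/Feature/Realms|Realms]] wikilink and leaves "realms" as plain text, so the reader loses the pointer to the page where user passwords are configured. Keep the link, or say in the edit summary why it was removed.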
Line 15: Line 15:
  
 
For example, to generate a secured version of the password "blah" for the user "me", do:
 
For example, to generate a secured version of the password "blah" for the user "me", do:
  > java -cp lib/jetty-xxx.jar:lib/jetty-util-xxx.jar org.mortbay.jetty.security.Password me blah
+
  > java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar org.mortbay.jetty.security.Password me blah
 
  blah
 
  blah
 
  OBF:20771x1b206z
 
  OBF:20771x1b206z
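Review bot: the "+" command line now puts lib/jetty-http-xxx.jar on the classpath but still invokes org.mortbay.jetty.security.Password, while the password utility link in this same revision points at org/eclipse/jetty/http/security/Password.java. Change the class name to org.eclipse.jetty.http.security.Password so the example matches the jars it lists.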
Line 27: Line 27:
 
  other: OBF:1xmk1w261u9r1w1c1xmq
 
  other: OBF:1xmk1w261u9r1w1c1xmq
 
  guest: guest,read-only
 
  guest: guest,read-only
  me:CRYPT:me/ks90E221EY
+
  me: CRYPT:me/ks90E221EY
  
 
{{tip|Don't forget to also copy the '''OBF:''', '''MD5:''' or '''CRYPT:''' prefix on the generated password. It will not be usable by Jetty without it.}}
 
{{tip|Don't forget to also copy the '''OBF:''', '''MD5:''' or '''CRYPT:''' prefix on the generated password. It will not be usable by Jetty without it.}}
 
| category = [[Category:Jetty Howto]]
 
| category = [[Category:Jetty Howto]]
 
}}
 
}}

Revision as of 14:12, 23 December 2009



Introduction

There are many places where you need to use and store a password, for example for SSL connectors (see How to configure SSL) and for user passwords in realms.

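Passwords can be stored in *clear text*, *obfuscated*, *checksummed* or *encrypted* in order of increasing security. Obfuscation (OBF:) is reversible and protects only against casual viewing; the checksummed (MD5:) and encrypted (CRYPT:) forms are one-way.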


Steps

Jetty provides a password utility that can be used to generate all varieties of passwords.

Run it without arguments to see usage instructions:

> java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar org.eclipse.jetty.http.security.Password
Usage - java org.eclipse.jetty.http.security.Password [<user>] <password>

where -xxx signifies the version of Jetty that you have installed.

For example, to generate a secured version of the password "blah" for the user "me", do:

> java -cp lib/jetty-http-xxx.jar:lib/jetty-util-xxx.jar org.eclipse.jetty.http.security.Password me blah
blah
OBF:20771x1b206z
MD5:639bae9ac6b3e1a84cebb7b403297b79
CRYPT:me/ks90E221EY

Now you can cut and paste whichever secure version you choose into your configuration file or Java code.

For example, the last line below shows you how you would cut and paste the encrypted password generated above into the properties file for a HashUserRealm:

admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq
guest: guest,read-only
me: CRYPT:me/ks90E221EY

Tip: Don't forget to also copy the OBF:, MD5: or CRYPT: prefix on the generated password. It will not be usable by Jetty without it.
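
As an added example (not part of the original page and not Jetty code), the following Python script audits a realm properties file like the one above and reports how each credential is stored, without ever returning a password. The names `audit_realm`, `deobfuscate` and `RATING` are this example's own; it assumes the `user: credential[,role...]` layout shown above and ASCII passwords.

```python
import re

# Constructed sample: the realm properties entries shown on this page.
SAMPLE_REALM = """\
admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq
guest: guest,read-only
me: CRYPT:me/ks90E221EY
"""

# Ratings are this example's wording, not Jetty's.
RATING = {
    "CLEAR": "recoverable: stored as typed",
    "OBF": "recoverable: obfuscation needs no key to reverse",
    "MD5": "one-way, but unsalted and fast to guess",
    "CRYPT": "one-way, legacy Unix crypt",
}

def deobfuscate(value):
    """Reverse an OBF: value (4 base-36 digits per byte; ASCII passwords only)."""
    body = value[len("OBF:"):]
    out = bytearray()
    for i in range(0, len(body), 4):
        i1, i2 = divmod(int(body[i:i + 4], 36), 256)  # i1=127+b1+b2, i2=127+b1-b2
        out.append((i1 + i2 - 254) // 2)              # solve for b1
    return out.decode("ascii")

def audit_realm(text):
    """Return one finding per user; the password itself is never returned."""
    findings = []
    for line in text.splitlines():
        user, sep, rest = line.strip().partition(":")
        if not sep or user.startswith("#"):
            continue
        user = user.strip()
        credential = rest.split(",", 1)[0].strip()  # roles follow the first comma
        prefix = re.match(r"(OBF|MD5|CRYPT):", credential)
        scheme = prefix.group(1) if prefix else "CLEAR"
        if scheme == "OBF":
            plain = deobfuscate(credential)
        elif scheme == "CLEAR":
            plain = credential
        else:
            plain = None  # one-way forms cannot be compared without guessing
        findings.append({"user": user, "scheme": scheme, "rating": RATING[scheme],
                         "password_equals_user": plain == user})
    return findings

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print(finding)
```

On the sample entries it flags `other` and `guest`, whose recoverable passwords match their user names.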