Question

We have been developing a GWT application which controls user login / relogin via a simple user / pass form, hashing the passwords in SHA-256. The passwords are stored in SHA-256 in the database (Hibernate over PostgreSQL). No plain text anywhere.

Once deployed, in the login process the server returns an error saying that no SHA-256 algorithm was found. The provider (MessageDigest from SUN) is in the java.security properties. The same version of JDK is being used in development and on the production server.

After doing my homework and searching here I've found a lot of questions, but all of them related to Realm login with SHA-256 digest.

I'm new to Tomcat so, what's the best practice here? Delegate login / roles in Tomcat? Or keep webapp simple login and fix SHA-256 problem (how!)?

Best regards

Solution

Ok! Finally I've noticed that GWT's MessageDigest implementation in compiled mode only supports the MD5 algorithm, so SHA-256 is not compatible. During DevMode it's using the standard Java MessageDigest, which also supports SHA-256.

Best regards
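
Because the compiled client lacks SHA-256 while the server JRE has it, one option is to do the hash comparison in server-side code only. The sketch below is an added example, not code from the question or the answer; the class name `ServerPasswordCheck`, the hex encoding of the stored hash and UTF-8 as the password encoding are assumptions, and it assumes the form is submitted over HTTPS.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper for the server package of the GWT project (for example,
// called from the RPC service implementation). It runs on the JRE inside
// Tomcat, so SHA-256 is available; nothing here is compiled to JavaScript.
public final class ServerPasswordCheck {

    private ServerPasswordCheck() {}

    // SHA-256 of the UTF-8 bytes of the password (encoding is an assumption).
    static byte[] sha256(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // Every Java SE implementation is required to provide SHA-256.
            throw new IllegalStateException("SHA-256 missing from this JRE", e);
        }
    }

    // Decodes a hex string; returns null when the input is not valid hex.
    static byte[] fromHex(String hex) {
        if (hex == null || hex.length() % 2 != 0) return null;
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) return null;
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    // Compares the submitted password with the hash stored in the database.
    static boolean matches(String submittedPassword, String storedHex) {
        byte[] stored = fromHex(storedHex);
        if (submittedPassword == null || stored == null) return false;
        // MessageDigest.isEqual compares in constant time on current JDKs.
        return MessageDigest.isEqual(sha256(submittedPassword), stored);
    }

    public static void main(String[] args) {
        // Constructed sample: the published SHA-256 test vector for "abc".
        String stored = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";
        System.out.println(matches("abc", stored));
        System.out.println(matches("abd", stored));
    }
}
```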

Licensed under: CC-BY-SA with attribution