CredentialHandler  tomcat 7

2023-10-22 Thread Усманов Азат Анварович
Hi everyone! I'm trying to use CredentialHandler with Tomcat to increase 
security since our db at $work still has pwd stored as md5 hashes. Some of our 
servers still use Tomcat 7.0.92. I was looking at this presentation by 
Christopher Schultz: 
http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
It mentions that CredentialHandler should be available to a web app in 
Tomcat 7.0.70+. But then I looked up the source code for catalina.jar in 7.0.92 
and 7.0.109-src, and I can't find a class named CredentialHandler. Am I looking 
in the wrong place, or is it just not available in Tomcat 7? Also, the Tomcat 
docs for 7 don't seem to mention CredentialHandler at all.


Re: CredentialHandler  tomcat 7

2023-10-22 Thread Chuck Caldarale



> On Oct 22, 2023, at 10:02, Усманов Азат Анварович  wrote:
> 
> Hi everyone! I'm trying to use CredentialHandler with Tomcat to increase 
> security since our db at $work still has pwd stored as md5 hashes. Some of 
> our servers still use Tomcat 7.0.92. I was looking at this presentation by 
> Christopher Schultz: 
> http://people.apache.org/~schultz/ApacheCon%20NA%202017/Seamless%20Upgrades%20for%20Credential%20Security%20in%20Apache%20Tomcat.pdf
> It mentions that CredentialHandler should be available to a web app in 
> Tomcat 7.0.70+. But then I looked up the source code for catalina.jar in 
> 7.0.92 and 7.0.109-src, and I can't find a class named CredentialHandler. Am 
> I looking in the wrong place, or is it just not available in Tomcat 7? Also, 
> the Tomcat docs for 7 don't seem to mention CredentialHandler at all.



Looks like the CredentialHandler mechanism was introduced in 8.0.15 (November 
2014), with no indication that it would ever be retrofitted to any 7.0.x 
version. (The footnote on slide 30 of the cited presentation appears to be in 
error.)

Given that Tomcat 7.0 has not been supported for over two years and numerous 
issues have been addressed in the intervening time period, it might be time to 
upgrade…

  - Chuck

