From e0ec318eaf4c6f6129f57174bcb5873763541c13 Mon Sep 17 00:00:00 2001
From: ulrich <not disclosed>
Date: Fri, 06 Jan 2017 18:28:37 +0000
Subject: [PATCH] Digester auf SHA-256 umgestellt

---
 src/java/de/uhilger/um/api/UserMgr.java |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/src/java/de/uhilger/um/api/UserMgr.java b/src/java/de/uhilger/um/api/UserMgr.java
index 6626665..dcffb9c 100644
--- a/src/java/de/uhilger/um/api/UserMgr.java
+++ b/src/java/de/uhilger/um/api/UserMgr.java
@@ -94,7 +94,11 @@
     String kw = user.getPw();
     String digesterClassName = ctx.getInitParameter(P_DIGESTER);
     Digester digester = (Digester) Class.forName(digesterClassName).newInstance();
-    String digestedPw = digester.digest(kw, Digester.MD5, null);
+    /*
+      MD5 geht nicht mehr,
+      vgl. http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
+    */
+    String digestedPw = digester.digest(kw, Digester.SHA256, null);
     user.setPw(digestedPw);
     getDb().insert(user, UserMapper);
     return user;

--
Gitblit v1.9.3