ApacheCon 2016 has ended
Back To Schedule
Friday, May 13 • 11:20am - 12:10pm
Seamless Upgrades for Credential Security in Apache Tomcat - Christopher Schultz, Total Child Health

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Clear-text credentials (user passwords) were never a good idea. Not only are both MD5 and SHA1 now dead, even more modern hashing algorithms aren't appropriate for credential storage in an era of hash-lookup sites. Some recent additions to Apache Tomcat have made it easier to use more secure credential-storage mechanisms along with container-managed security. They can even be used to seamlessly upgrade from older, less-secure algorithms to newer, more secure ones.

We'll investigate the modifications to Tomcat that allow developers and operations staff to use these features, and look at how to actually plug custom credentials-handling mechanisms into an existing Tomcat-based application.

avatar for Christopher Schultz

Christopher Schultz

Chief Technology Officer, Total Child Health, Inc.
Christopher Schultz is the CTO of Total Child Health, Inc. where he leads a small team of engineers to build server-side healthcare-related software in Java. Chris is an ASF Member active in the Apache Tomcat and Velocity communities as well as a committer on both projects, and Tomcat... Read More →

Friday May 13, 2016 11:20am - 12:10pm PDT
Plaza A