Re: [jetty-users] Question regd jetty ssl configuration.

[John English <john.foreign@xxxxxxxxx>]

On 16/07/2021 00:25, Greg Wilkins wrote:
> John,
>
> Not secure at all, nor is it intended to be.
>
> The issue is that if the server is to be started automatically without 
> the need to enter a passphrase, then encryption cannot be used since the 
> server needs to provide the keystore passwords at runtime.    OBF is 
> simply a way to put the pass phrases into a configuration file so that a 
> casual observer looking over your shoulder cannot easily remember the 
> configured passwords.    MD5 cannot be used at all in this situation (it 
> is provided for checking things like BASIC authentication where a 
> credential is sent over "the wire" but we want to avoid storing such 
> credentials on the server, so we check the MD5 of the provided 
> credential with the stored MD5).

Ah, I misread -- I was thinking of password authentication when I read 
it. Apols.

--
John English