How to avoid storing passwords in the clear for tomcat's server.xml Resource definition of a DataSource?

Question

The resource definition in tomcat\'s server.xml looks something like this...

Answer 1

All of the foregoing having been said, if you still want to avoid plain text passwords you can use a hashing algorithm such as SHA-256 or (preferably) SHA-512. When a password is created, obtain the hashed value and store it rather than the password. When a user logs in, hash the password and see of it matches the stored hashed password. Hashing algorithms take a character string (or number) from a small string (or number) space into a much larger one in a way that is expensive to reverse.