views:

12

answers:

0

Hello

Is it possible to use salted password along with standard HTTP authentication schemes ( FORM or DIGEST ) ?

I am using GlassFish, and when I request a protected page, the form or the answer with the nonce are sent back directly by the server. I can't see any obvious way to hook into the server mechanism to insert the salt in the 302 response ( which I thought could be a good idea ). Thus the password I return can just be hashed without salt.

Is it so ?
Thank you.