The passwords used for authentication so far have been stored in plain text. This might be a security issue, so RIFE comes with support for three different encryption algorithms: MD5, SHA and OBF (obfuscated). MD5 and SHA are one-way digests, while OBF merely obfuscates the value. Selecting one is as simple as passing the desired algorithm as the authentication element's password_encryption parameter, for example:
<property name="password_encryption">MD5</property>
When using encrypted passwords in the memory users file, the password needs to be prefixed by the algorithm, so that RIFE knows which one to use:
Example 11.3. Encrypted memory users
<credentials>
<user login="guest">
<password>SHA:duH5g2aTTgh6206iakXKII5qs0A=</password>
</user>
<user login="gbevin">
<password>MD5:JJSy0mVyeMFG9f21yHQVyg==</password>
<role>admin</role>
<role>maint</role>
</user>
</credentials>
There is a small command-line tool that encrypts (and decrypts) passwords and produces strings in the format that RIFE understands. To try it out, run it like this:
java -classpath rife-{version}.jar com.uwyn.rife.tools.StringEncryptor -e MD5:encrypt-this-password
This generates an MD5 password; using SHA: or OBF: as the prefix selects the SHA or OBF algorithm instead.
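The prefixed format from Example 11.3 can be checked mechanically. The following is an added example, not part of RIFE or the original guide: a Python audit of a memory users file that reports how each password is stored. It assumes that the value after an MD5: or SHA: prefix is the Base64 of the raw digest (which matches the lengths of the two sample values) and that a value without a known prefix is plain text; the "legacy" user and the function names are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Raw digest sizes in bytes for the hash prefixes named in the text
# (assumption: "SHA" is a 20-byte digest, as the sample value suggests).
DIGEST_LEN = {"MD5": 16, "SHA": 20}

# Credentials from Example 11.3 plus one constructed plain-text user ("legacy").
SAMPLE = """<credentials>
  <user login="guest"><password>SHA:duH5g2aTTgh6206iakXKII5qs0A=</password></user>
  <user login="gbevin"><password>MD5:JJSy0mVyeMFG9f21yHQVyg==</password>
    <role>admin</role><role>maint</role></user>
  <user login="legacy"><password>changeme</password></user>
</credentials>"""

def classify(stored):
    """Return (scheme, finding) for one <password> value."""
    prefix, sep, value = stored.partition(":")
    if not sep or prefix not in ("MD5", "SHA", "OBF"):
        return "PLAIN", "stored in plain text"
    if prefix == "OBF":
        return "OBF", "obfuscated, not hashed"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return prefix, "malformed: value is not Base64"
    if len(raw) != DIGEST_LEN[prefix]:
        return prefix, "malformed: %d bytes, expected %d" % (len(raw), DIGEST_LEN[prefix])
    return prefix, "ok"

def audit(xml_text):
    """Map each login to (scheme, finding, roles)."""
    report = {}
    for user in ET.fromstring(xml_text).iter("user"):
        stored = (user.findtext("password") or "").strip()
        roles = [r.text for r in user.findall("role")]
        report[user.get("login")] = classify(stored) + (roles,)
    return report

if __name__ == "__main__":
    for login, (scheme, finding, roles) in audit(SAMPLE).items():
        print(login, scheme, finding, roles)
```

Run against a real users file, any PLAIN or OBF entry on an account with the admin role is the first thing to convert.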