I have MD5 encrypted passwords in my database. I would like the login module to encrypt the plain text password before comparing to the database password. I have the following application policy set up in the login-config.xml file: <application-policy name = "HsqlDbRealm"> <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required"> <module-option name = "principal">sa</module-option> <module-option name = "userName">sa</module-option> <module-option name = "password"></module-option> <module-option name="hashAlgorithm">MD5</module-option> <module-option name ="hashEncoding">base64</module-option> <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option> </login-module> </application-policy> But its not working. My login page is treating the password as plain text and not encoding it before comparison. What am I missing here? (I am using JBoss 4.0.4 with Hibernate and Postgress 8.1.4.) Thanks for the help! Elise Wade View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3991771#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...