Well, I think I wasn't clear, sorry. I know how to store encrypted passwords in the database, it's an easy thing. Today, when the server shows the login form, with the DataBaseServerLoginModule, I can connect with the database by the pure text credentials passed through j_security_check, reading two tables in the database. By this way, I can connect successfully, but I can "see" the password in the users table (of course, I know that you know that too)! I know how to encrypt this password using a database function, but how I'll do the text password from the login page be compared with that encrypted password? I will work later on this, and I think the link will be helpfull, but if you have any other help/examples I appreciate. Thanks! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024737#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...