Re: Using MySQL Encryption Function to Store Password

From: Nishant Neeraj (nneeraj12..ahoo.com)
Date: Mon Jan 25 2010 - 03:00:29 EST

Next message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"

Previous message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
In reply to: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Next in thread: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Reply: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Right, thanks. I've got this part, and I am using Key-based AES encryption.
However, I have another question -- not directly related to the subject of the thread. It's about throwing exception in sub-classes.

Take this case

public setPassword(String plaintextPassword)

{

String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);

super.setPassword(hashedPassword);

}

Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw the checked exceptions to front-end (calling class) and let front end to decide what to do with it.

Is there any way to to do this?

Thanks
Nishant
--- On Mon, 25/1/10, Michael Gentry <mgentr..asslight.net> wrote:

From: Michael Gentry <mgentr..asslight.net>
Subject: Re: Using MySQL Encryption Function to Store Password
To: use..ayenne.apache.org
Date: Monday, 25 January, 2010, 10:05 AM

If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password. (You don't actually
want to encrypt the password, just hash it). In your subclass (the
non-underscore one), add something like:

public setPassword(String plaintextPassword)
{
String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough. For SHA-266, I think you'd
need 64 characters.

mrg

On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jfbaldwi..arthlink.net> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package. I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to store encrypt and store password?
>>
>> Thanks
>> -Nishant
>>
>>
>> Your Mail works best with the New Yahoo Optimized IE8. Get it NOW! http://downloads.yahoo.com/in/internetexplorer/
>
>

Next message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Previous message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
In reply to: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Next in thread: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Reply: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2.0.0 : Mon Jan 25 2010 - 03:03:06 EST