AES sounds to me like you are using encryption instead of hashing. If
you have a requirement to be able to decrypt the password, that's
fine, but otherwise you should hash it instead of encrypt it.

As to the exception handling, I'm not sure which front-end you are
using. In a Tapestry 5 application, I'd catch the exception in
setPassword() and set the password to null and then in my onValidate*
type methods for T5 I'd check if the password was null and handle it
there.

mrg

On Mon, Jan 25, 2010 at 3:00 AM, Nishant Neeraj <nneeraj12..ahoo.com> wrote:
> Right, thanks. I've got this part, and I am using Key-based AES encryption.
> However, I have another question -- not directly related to the subject of the thread. It's about throwing exceptions in subclasses.
>
> Take this case
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
> Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw the checked exceptions to the front end (calling class) and let the front end decide what to do with it.
>
> Is there any way to do this?
>
> Thanks
> Nishant
> --- On Mon, 25/1/10, Michael Gentry <mgentr..asslight.net> wrote:
>
> From: Michael Gentry <mgentr..asslight.net>
> Subject: Re: Using MySQL Encryption Function to Store Password
> To: use..ayenne.apache.org
> Date: Monday, 25 January, 2010, 10:05 AM
>
> If you happen to be using the Apache Commons Codec package, you can
> use DigestUtils to simplify hashing the password. (You don't actually
> want to encrypt the password, just hash it). In your subclass (the
> non-underscore one), add something like:
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
> Here is the JavaDoc for DigestUtils:
>
> http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html
>
> Be sure your password field is big enough. For SHA-256, I think you'd
> need 64 characters.
>
> mrg
>
>
> On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jfbaldwi..arthlink.net> wrote:
>> Hi,
>>
>> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package. I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>>
>> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>>
>> Hope this helps,
>> Joe
>>
>>
>> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>>
>>> Hi,
>>>
>>> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
>>>
>>> Thanks
>>> -Nishant
>>>
>>>
>>
>>
>
>
>
This archive was generated by hypermail 2.0.0 : Mon Jan 25 2010 - 08:55:00 EST