Yeah, that's what I've always done, as well.
I was just sitting here wondering if there was a way to take advantage
of the db functions.
Ah well. Thanks!
Robert
On Aug 7, 2008, at 8/72:00 PM , Michael Gentry wrote:
> I've done it in code. If your Java side is the same as the DB side,
> it really doesn't much matter (like using SHA1). (If you want someone
> to be able to reset the password from the SQL command-line, for
> example). Doing it in code seems fine to me. Create a setPassword()
> cover method in Users.java that hashes it and sets it in the parent:
>
> public void setPassword(String newPassword)
> {
> super.setPassword(sha1(newPassword));
> }
>
> This way you toss the plain-text password quickly. Also, if it is set
> to the original password, Cayenne will skip it as a changed value.
>
> I've also used this technique with encryption, too. You have to
> override the set/get methods for the encrypted fields (say, a social
> security number or a credit card number). It is a little more work to
> do queries on encrypted fields, of course.
>
>
> On Thu, Aug 7, 2008 at 1:13 PM, Robert Zeigler <robert.zeigle..mail.com
> > wrote:
>> Hi all,
>>
>> Up to this point, whenever I've had to store hashed text (say, the
>> hashed
>> from of a password) in the db, I've simply hashed in code.
>> But the question arose the other day of how you would go about
>> doing this on
>> the database sided (assuming your target db supports your target hash
>> function).
>> Say, for example, you have the following table:
>>
>> users
>> id integer
>> username varchar('32')
>> password varchar('40')
>>
>> And you want to hash the password as sha1.
>>
>> Using mysql and straight sql, you would do something like:
>>
>> insert into users (id,username,password)
>> values(1,'userx',sha1('usery'));
>>
>> Is there some way to get cayenne to generate this same sql when
>> inserting
>> new rows?
>> Or, for example, when cayenne detects a diff in password, and does
>> an update
>> users set password=..., to have it do password=sha1('newpassword')?
>>
>> Of course, I can hash the password in code... but it would be nice if
>> cayenne could somehow manage this for me.
>>
>> And I could do some sort of ugly hack like having a post-persist
>> callback
>> that executes sqltemplate to sha1-hash the value of the newly
>> inserted
>> row... but that really is ugly.
>>
>> Surely I'm not the only one who hashes passwords in the
>> database. ;) What
>> are other people doing here? Does everyone just handle the hashing
>> in code,
>> like I've been doing up until now?
>>
>> Robert
>>
This archive was generated by hypermail 2.0.0 : Thu Aug 07 2008 - 15:20:36 EDT