Re: Using MySQL Encryption Function to Store Password

From: Nishant Neeraj (nneeraj12..ahoo.com)
Date: Mon Jan 25 2010 - 03:00:29 EST

    Right, thanks. I've got this part, and I am using key-based AES encryption.
    However, I have another question -- not directly related to the subject of the thread. It's about throwing exceptions in subclasses.

    Take this case:

    public void setPassword(String plaintextPassword)
    {
        // The utility call declares a checked exception, which this override cannot declare.
        String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);
        super.setPassword(hashedPassword);
    }

    Here, I can't throw the exception and I have to handle it here -- but all I want is to throw the checked exceptions to the front end (calling class) and let the front end decide what to do with it.

    Is there any way to do this?

    Thanks
    Nishant
    --- On Mon, 25/1/10, Michael Gentry <mgentr..asslight.net> wrote:

    From: Michael Gentry <mgentr..asslight.net>
    Subject: Re: Using MySQL Encryption Function to Store Password
    To: use..ayenne.apache.org
    Date: Monday, 25 January, 2010, 10:05 AM

    If you happen to be using the Apache Commons Codec package, you can
    use DigestUtils to simplify hashing the password.  (You don't actually
    want to encrypt the password, just hash it).  In your subclass (the
    non-underscore one), add something like:

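    // At the top of the subclass file:
    import org.apache.commons.codec.digest.DigestUtils;

    public void setPassword(String plaintextPassword)
    {
        // Store the hex-encoded SHA-256 digest instead of the plaintext.
        String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
        super.setPassword(hashedPassword);
    }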

    Here is the JavaDoc for DigestUtils:

    http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

    Be sure your password field is big enough.  For SHA-256, I think you'd
    need 64 characters.

    mrg

    On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jfbaldwi..arthlink.net> wrote:
    > Hi,
    >
    > I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
    >
    > I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
    >
    > Hope this helps,
    > Joe
    >
    >
    > On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
    >
    >> Hi,
    >>
    >> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
    >>
    >> Thanks
    >> -Nishant
    >
    >
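
Added example, not part of the original thread and not Cayenne's own code: an override cannot declare a checked exception its parent does not, so one way to let a hashing failure reach the calling code is to wrap it in an unchecked exception. BaseUser, PasswordHashingException, checkPassword and the iteration count are assumptions made for illustration, and the example uses salted PBKDF2 from javax.crypto rather than the single SHA-256 digest shown in the reply.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical stand-in for the Cayenne-generated superclass (the underscore one).
class BaseUser {
    private String password;
    public void setPassword(String password) { this.password = password; }
    public String getPassword() { return password; }
}

// Unchecked, so the override below may throw it without changing the inherited signature.
class PasswordHashingException extends RuntimeException {
    PasswordHashingException(Throwable cause) { super("could not hash password", cause); }
}

public class User extends BaseUser {
    private static final int ITERATIONS = 210_000; // assumed work factor, tune per hardware
    @Override
    public void setPassword(String plaintextPassword) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt for every password
        Base64.Encoder b64 = Base64.getEncoder();
        // Stored form "iterations:salt:hash" is 76 characters; size the column accordingly.
        super.setPassword(ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(derive(plaintextPassword, salt, ITERATIONS)));
    }

    public boolean checkPassword(String candidate) {
        String[] p = getPassword().split(":");
        byte[] salt = Base64.getDecoder().decode(p[1]);
        byte[] expected = Base64.getDecoder().decode(p[2]);
        // Constant-time comparison of the stored hash against the recomputed one.
        return MessageDigest.isEqual(expected, derive(candidate, salt, Integer.parseInt(p[0])));
    }

    private static byte[] derive(String password, byte[] salt, int iterations) {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { // checked: NoSuchAlgorithm / InvalidKeySpec
            throw new PasswordHashingException(e); // propagates to the caller, which decides
        } finally {
            spec.clearPassword(); // wipe the char[] copy held by the key spec
        }
    }
}
```

The calling code can catch PasswordHashingException where it calls setPassword and reach the original checked exception through getCause().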



    This archive was generated by hypermail 2.0.0 : Mon Jan 25 2010 - 03:03:06 EST