Hi All,

So good news! Apparently the MD5 encoder in the CAS built-in implementation actually does everything great *but* it returns the hashed output as a STRING type and not as a BYTE ARRAY (BLOB for instance). On the other hand, my database holds the hashed MD5 password in a TINYBLOB field, and once it was changed to hold the hashed passwords as clear text, everything worked great!

So basically I have two options:

- Rewrite CAS's MD5 encoder (I am not a programmer though..)
- Change the password field type in my db to varchar and save the hashed string - affects other applications using the very same table.

Does CAS have any other built-in MD5 encoder that returns the hashed output as an actual byte array and not a string?

Anyway, thank you all for the help!!! Appreciate it!

On Mon, Jun 11, 2012 at 3:19 PM, Eric Pierce <[email protected]> wrote:

> You could turn on query logging in MySQL
> (http://dev.mysql.com/doc/refman/5.1/en/query-log.html). That will give
> you the exact query that is being run.
>
> -Eric
>
> On Mon, Jun 11, 2012 at 2:05 AM, Ronen Itkin <[email protected]> wrote:
>
>> Nope, unfortunately it does not show extra info.
>> Unless you have any other suggestions, I will try debugging the code in
>> Eclipse :/
>>
>> Thanks!!
>>
>> On Mon, Jun 11, 2012 at 3:52 AM, Marvin Addison <[email protected]> wrote:
>>
>>> > By the way, should it show the hashed password at all? Sounds like a
>>> > security vulnerability.
>>>
>>> CAS computes the hash from the password supplied by the user and
>>> compares it with the value on record. So in that sense it "knows" the
>>> hash, but only in a transient fashion. All authentication systems
>>> that authenticate against a hash work this way, so no, there's no
>>> security vulnerability.
>>>
>>> M
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>>
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> --
>> Ronen Itkin
>> Taykey | www.taykey.com
>
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- [email protected]

--
Ronen Itkin
Taykey | www.taykey.com
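
Added example (not part of the original message and not CAS code): the string-versus-byte-array mismatch described above, reproduced in Python with an in-memory SQLite table standing in for the MySQL TINYBLOB column. The table, user name, password and the helper `stored_matches` are constructed for illustration; the block shows why the encoder's hex string never equals the raw 16-byte digest, and two ways to compare without changing the column type.

```python
import hashlib
import hmac
import sqlite3


def stored_matches(stored, password):
    """True if `stored` (16 raw bytes or 32 hex characters) is MD5(password)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    try:
        if isinstance(stored, str):
            stored = stored.encode("ascii")
        if len(stored) == 32:  # hex text form, as a string-returning encoder emits it
            stored = bytes.fromhex(stored.decode("ascii"))
    except ValueError:  # non-ASCII or non-hex value on record
        return False
    # Constant-time comparison of the two 16-byte digests.
    return len(stored) == 16 and hmac.compare_digest(stored, digest)


def demo():
    # Constructed sample data: one user whose password hash is stored as raw bytes.
    password = "s3cret-example"
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hashlib.md5(password.encode("utf-8")).digest()))

    # What a string-returning encoder produces: 32 lowercase hex characters.
    encoder_output = hashlib.md5(password.encode("utf-8")).hexdigest()
    (blob,) = db.execute(
        "SELECT password FROM users WHERE username = ?", ("alice",)).fetchone()
    # Convert in the query instead of altering the column (MySQL also has HEX() and LOWER()).
    (as_hex,) = db.execute(
        "SELECT lower(hex(password)) FROM users WHERE username = ?", ("alice",)).fetchone()
    db.close()
    return {
        "stored_length": len(blob),             # raw digest is 16 bytes, not 32 characters
        "naive_equal": blob == encoder_output,  # bytes compared with str: never equal
        "sql_hex_equal": as_hex == encoder_output,
        "normalized_blob": stored_matches(blob, password),
        "normalized_hex": stored_matches(encoder_output, password),
        "wrong_password": stored_matches(blob, "not-the-password"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Converting at read time leaves the stored column untouched, so other applications reading the same table keep seeing the raw bytes.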
