Yes, it is a reasonable solution :) Sounds good!!
Thanks Eric!

On Thu, Jun 14, 2012 at 3:46 PM, Eric Pierce <[email protected]> wrote:
> You could use QueryDatabaseAuthenticationHandler and search against the db
> with a query that casts the TINYBLOB to CHAR. Here's an (untested) example
>
> SELECT CAST(password AS CHAR(512) CHARACTER SET utf8) FROM users WHERE username = ?
>
> On Thu, Jun 14, 2012 at 2:27 AM, Ronen Itkin <[email protected]> wrote:
>
>> Hi All,
>>
>> So good news!
>> Apparently the MD5 encoder in the CAS built-in implementation actually
>> does everything great *but* it returns the hashed output as a STRING
>> type and not as a BYTE ARRAY (BLOB for instance). On the other hand, my
>> database holds the hashed md5 password in a TINYBLOB field and once it was
>> changed to hold the hashed passwords as clear text, everything worked great!
>>
>> So basically I have two options:
>>
>> - Rewrite CAS's MD5 encoder (I am not a programmer though..)
>> - Change the password field type in my db to varchar and save the
>> hashed string - affects other applications using the very same table.
>>
>> Does CAS have any other built-in MD5 encoder that returns the hashed
>> output as an actual byte array and not a string?
>>
>> Anyway, thank you all for the help!!!
>>
>> Appreciate it!
>>
>> On Mon, Jun 11, 2012 at 3:19 PM, Eric Pierce <[email protected]> wrote:
>>
>>> You could turn on query logging in MySQL (
>>> http://dev.mysql.com/doc/refman/5.1/en/query-log.html). That will give
>>> you the exact query that is being run.
>>>
>>> -Eric
>>>
>>> On Mon, Jun 11, 2012 at 2:05 AM, Ronen Itkin <[email protected]> wrote:
>>>
>>>> Nope, unfortunately it does not show extra info.
>>>> Unless you have any other suggestions, I will try debugging the code on
>>>> Eclipse :/
>>>>
>>>> Thanks!!
>>>>
>>>> On Mon, Jun 11, 2012 at 3:52 AM, Marvin Addison <
>>>> [email protected]> wrote:
>>>>
>>>>> > By the way, should it show the hashed password at all? Sounds like a
>>>>> > security vulnerability.
>>>>>
>>>>> CAS computes the hash from the password supplied by the user and
>>>>> compares it with the value on record. So in that sense it "knows" the
>>>>> hash, but only in a transient fashion. All authentication systems
>>>>> that authenticate against a hash work this way, so no, there's no
>>>>> security vulnerability.
>>>>>
>>>>> M
>>>>>
>>>>> --
>>>>> You are currently subscribed to [email protected] as:
>>>>> [email protected]
>>>>>
>>>>> To unsubscribe, change settings or access archives, see
>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>>>> --
>>>> *Ronen Itkin*
>>>> Taykey | www.taykey.com
>>>
>>> --
>>> Eric Pierce
>>> Identity Management Architect
>>> Information Technology
>>> University of South Florida
>>> (813) 974-8868 -- [email protected]
>>
>> --
>> *Ronen Itkin*
>> Taykey | www.taykey.com
>
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- [email protected]

--
*Ronen Itkin*
Taykey | www.taykey.com
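
The type mismatch discussed in this thread, as an added example that is not part of the original messages and is not CAS code: a hex-string MD5 digest compared against a BLOB column fails until the query casts the column to text. Assumptions: Python's `sqlite3` stands in for MySQL and the JDBC driver, `CAST(... AS TEXT)` stands in for the `CAST(... AS CHAR ...)` suggested above, and the table contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Stand-ins for the handler's configured SQL (assumed names, not CAS settings).
RAW_QUERY = "SELECT password FROM users WHERE username = ?"
CAST_QUERY = "SELECT CAST(password AS TEXT) FROM users WHERE username = ?"


def md5_hex(password: str) -> str:
    """Hex-string digest, the form the thread says the MD5 encoder returns."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample table: the hex digest is stored as bytes in a BLOB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password BLOB)")
    db.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("alice", md5_hex("s3cret").encode("ascii")),
    )
    return db


def authenticate(db: sqlite3.Connection, query: str,
                 username: str, password: str) -> bool:
    """Compare the encoder's string output with whatever the driver returns."""
    row = db.execute(query, (username,)).fetchone()
    if row is None:
        return False  # unknown user
    stored = row[0]
    if not isinstance(stored, str):
        # The driver returned raw bytes for the BLOB column, so a
        # string-typed comparison can never match, even for a correct password.
        return False
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(stored.encode("utf-8"),
                               md5_hex(password).encode("ascii"))


if __name__ == "__main__":
    conn = make_db()
    print("raw BLOB query :", authenticate(conn, RAW_QUERY, "alice", "s3cret"))
    print("CAST query     :", authenticate(conn, CAST_QUERY, "alice", "s3cret"))
```

The cast only changes the type the driver returns, so the column and the other applications reading it are left untouched.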
