> Is there any value in providing a local implementation of this function
Not unless all other SQL functions are implemented on the Java side. Otherwise, people won't look for an implementation in Jooq, and find the Stackoverflow answer before they find the Jooq implementation. > so that the password string is not sent across the wire? That's generally good practice, yes. > The algo used is not that powerful as can be seen here > > http://www.diknows.com/2011/05/mysql-password-method-in-java/ I see. Just two rounds - not good. No salt - that's horrible. Jooq could implement this to help those who need to interoperate with existing legacy code and data that uses PASSWORD. Everybody else should be deterred from using that though, probably via a (link to a) warning that PASSWORD offers almost no security, roughly equivalent to a smallish speed bump, And that as of 2013, the recommendation is to employ PBDKF2 with an SHA-2 hash instead - warnings that don't tell people what to do instead aren't very helpful :-) -- You received this message because you are subscribed to the Google Groups "jOOQ User Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
