Thank you. That was very informative. By now I've almost guessed that some sort of truncation occurs in MimeUtility, since most part of my hash and the James hash is the same and the extra characters that exists in "my" hash certainly looks like hash data and not some sort of padding.
Therefore I'm guessing that some sort of truncation do occur on the passwords stored by James. However, this really isn't a large problem, like you said. For those interested, the solution goes something like this: 1. I let James generate it's user and mail storage tables automatically. As a sidenote, I let it keep it's column naming scheme, and just map to the columns with a Object-Relational component similar to iBatis DBLayer. I keep it that way to minimize my interference with James database mapping, and (hopefully) make it simple to switch to future versions of James. 2. I add a method to my POJO User object getTruncatedPwdHash() that complements getPwdHash() and map the James pwdHash column to this method instead. 3. Whenever a user is updated, added or deleted, the user information is dumped into James' user table. This dump is a duplication of my "real" user tables. This is done this way to minimize the nesting of James tables and system tables, to keep a clean separation between the two systems. Ideally this also means that the James user table can get regenerated from the user table if the need arises. Regards Erik Beijnoff -----Ursprungligt meddelande----- Fr�n: Vincenzo Gianferrari Pini [mailto:[EMAIL PROTECTED] Skickat: 02 December 2003 13:48 Till: James Users List �mne: RE: Problem with trimmed SHA stored passwords in database Hello Erik, Months ago I incurred in your same problem using MD5, described among other things in the following message: http://www.mail-archive.com/[EMAIL PROTECTED]/msg04941.html My solution (with MD5) was simply to truncate the generated Base-64 string to 20 characters: in your case (using SHA) it would simply mean to truncate to 24 characters. Hope it helps, Vincenzo > -----Original Message----- > From: Erik Beijnoff [mailto:[EMAIL PROTECTED] > Sent: luned� 1 dicembre 2003 16.40 > To: [EMAIL PROTECTED] > Subject: Problem with trimmed SHA stored passwords in database > > > Hello. I'm using James connected to a SQL Server, storing the users in > a table. I'm having a trimming problem with the password hash > generated by James. After adding a user with telnet with the password > "testing", the key below is stored in the db: > > 3HJK8Y+91OWRifX+dopfgxFS > > However, when I generate the password directly from code, I get a > slightly longer hash: > > 3HJK8Y+91OWRifX+dopfgxFScFA= > > As you can see, the last few characters generated from my own code is > cropped in the password generated by James. This means that I'm having > a bit of a problem adding users with anything else then James and > telnet. Any idea why this occurrs and how to solve it? > > Regards Erik Beijnoff > > Password generating code below: > > ---------------------------------------------------------------------- > - > > String hashThis= "testing"; > > try { > > byte[] bytes= hashThis.getBytes("UTF-8"); > > java.security.MessageDigest messageDigest= > java.security.MessageDigest.getInstance("SHA"); > > messageDigest.update(bytes); > > > byte[] raw= messageDigest.digest(); > > > String hash = (new sun.misc.BASE64Encoder()).encode(raw); > > > System.out.println("Result:" + hash); > > } catch (java.security.NoSuchAlgorithmException ne) { > > // > > } catch (java.io.UnsupportedEncodingException ue) { > > // > > } > > ---------------------------------------------------------------------- > - > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
