Just a thought but you might want to think about never decrypting a password. I would just compare the two encrypted version.
Just one extra safety step :) On 12/18/06, Clinton Begin <[EMAIL PROTECTED]> wrote:
Sorry Karen, I messed up in my explanation. I didn't fully read your SQL or your mapping. You can't do it directly like that. This is one of the few (perhaps the only?) type that iBATIS can't return directly. You'll need to create a class that has a byte[] property, "Password" for example. Since you're doing a number of operations for encryption and transformation from string to binary types, a Password class might be useful anyway. If you're in control of this database, I always recommend storing such things as hex in a CHAR or VARCHAR field, rather than binary. That way you could just map it to a string. It's way easier to deal with in every way, its no less secure and it's probably faster. If you're not in control of the database, you'll need to do as I suggested above. Cheers, Clinton On 12/18/06, Karen Koch < [EMAIL PROTECTED]> wrote: > > Re: your comments, Clinton, the field is not huge, and I just want to > grab a stored encrypted password in order to decrypt it and compare to the > user-entered password (part of a login procedure). > > Now, my latest problem: substituting "byte[]" in for the resultClass > yields a java.lang.ClassNotFoundException exception for byte[]. (I > forgot to mention having already attempted that.) > > <select id="getEncryptedPassword" resultClass="byte[]" > parameterClass="string"> > SELECT Password FROM EPLoginAccount WHERE EmailAddr = #value# > > Perhaps I'm not familiar with how to return an array from a statement. > A bit of help? > > Thanks again, > Karen > > *Clinton Begin <[EMAIL PROTECTED] >* wrote: > > Right. We don't make use of the JDBC Blob/Clob classes. So you have to > use a byte[] (byte array). > > However, if your BLOB is huge, you might want to stream it directly to > disk, or even directly to the browser. In this case you'll want to bypass > iBATIS, as it likely doesn't make sense to map huge data structures to > anything resident in memory. > > Cheers, > Clinton > > On 12/18/06, Karen Koch < [EMAIL PROTECTED]> wrote: > > > > Hello -- > > > > I think this is a simple one: What is the proper resultClass to use > > when returning only a single column (of BLOB type) as the result of a > > statement? SqlMaps doesn't seem to like "BLOB". > > > > <select id="getEncryptedPassword" resultClass=??? > > parameterClass="string"> > > SELECT Password FROM EPLoginAccount WHERE EmailAddr = #value# > > </select> > > > > Thanks! > > Karen Koch > > > > >
