Re: Using MySQL Encryption Function to Store Password

Mon, 25 Jan 2010 00:01:08 -0800 

Right, thanks. I've got this part, and I am using Key-based AES encryption. 
However, I have another question -- not directly related to the subject of the 
thread. It's about throwing exception in sub-classes.

Take this case

public setPassword(String plaintextPassword)

{

    String hashedPassword = 
EncryptionUtilThatThrowsException(plaintextPassword);

    super.setPassword(hashedPassword);

}


Here, I can't throw the Exception and I have to handle it here -- but all I 
want is to throw the checked exceptions to front-end (calling class) and let 
front end to decide what to do with it.

Is there any way to to do this?

Thanks
Nishant
--- On Mon, 25/1/10, Michael Gentry <[email protected]> wrote:

From: Michael Gentry <[email protected]>
Subject: Re: Using MySQL Encryption Function to Store Password
To: [email protected]
Date: Monday, 25 January, 2010, 10:05 AM

If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password.  (You don't actually
want to encrypt the password, just hash it).  In your subclass (the
non-underscore one), add something like:

public setPassword(String plaintextPassword)
{
    String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
    super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough.  For SHA-266, I think you'd
need 64 characters.

mrg


On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <[email protected]> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was 
> to use the Java encryption over a DBMS-specific solution. I am using the 
> javax.crypto package.  I handle the encryption with a wrapper class and 
> simply store the resulting string in the database using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the 
> standard Java encryption vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to store 
>> encrypt and store password?
>>
>> Thanks
>> -Nishant
>>
>>
>>      Your Mail works best with the New Yahoo Optimized IE8. Get it NOW! 
>> http://downloads.yahoo.com/in/internetexplorer/
>
>



      The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. 
http://in.yahoo.com/

Reply via email to