AES sounds to me like you are using encryption instead of hashing. If you have a requirement to be able to decrypt the password, that's fine, but otherwise you should hash it instead of encrypt it.

As to the exception handling, I'm not sure which front-end you are using. In a Tapestry 5 application, I'd catch the exception in setPassword() and set the password to null and then in my onValidate* type methods for T5 I'd check if the password was null and handle it there.

mrg

On Mon, Jan 25, 2010 at 3:00 AM, Nishant Neeraj <[email protected]> wrote:
> Right, thanks. I've got this part, and I am using Key-based AES encryption.
> However, I have another question -- not directly related to the subject of
> the thread. It's about throwing exceptions in sub-classes.
>
> Take this case
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword =
>         EncryptionUtilThatThrowsException(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
> Here, I can't throw the Exception and I have to handle it here -- but all I
> want is to throw the checked exceptions to front-end (calling class) and let
> the front end decide what to do with it.
>
> Is there any way to do this?
>
> Thanks
> Nishant
>
> --- On Mon, 25/1/10, Michael Gentry <[email protected]> wrote:
>
> From: Michael Gentry <[email protected]>
> Subject: Re: Using MySQL Encryption Function to Store Password
> To: [email protected]
> Date: Monday, 25 January, 2010, 10:05 AM
>
> If you happen to be using the Apache Commons Codec package, you can
> use DigestUtils to simplify hashing the password. (You don't actually
> want to encrypt the password, just hash it). In your subclass (the
> non-underscore one), add something like:
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
> Here is the JavaDoc for DigestUtils:
>
> http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html
>
> Be sure your password field is big enough. For SHA-266, I think you'd
> need 64 characters.
>
> mrg
>
>
> On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <[email protected]> wrote:
>> Hi,
>>
>> I had this very same question some time ago, and the overwhelming opinion
>> was to use the Java encryption over a DBMS-specific solution. I am using the
>> javax.crypto package. I handle the encryption with a wrapper class and
>> simply store the resulting string in the database using standard Cayenne.
>>
>> I now agree with all of those people who suggested that I go with the
>> standard Java encryption vs MySQL.
>>
>> Hope this helps,
>> Joe
>>
>>
>> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>>
>>> Hi,
>>>
>>> Is there a way in Cayenne to use MySQL's encryption functions to
>>> encrypt and store a password?
>>>
>>> Thanks
>>> -Nishant
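
Added example, not code from the thread or from Cayenne: one way to combine the two points discussed above, hashing rather than encrypting the password, and surfacing a hashing failure from an overridden setter that cannot declare a checked exception. It goes beyond the thread's single unsalted SHA-256 call by using salted PBKDF2 from the JDK; the `_User` stand-in superclass, `checkPassword`, the iteration count and the stored format are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class User extends _User {
    private static final int ITERATIONS = 210_000; // assumed work factor, tune for your hardware
    private static final SecureRandom RNG = new SecureRandom();

    // An override cannot add a checked exception to the inherited signature,
    // so the checked failure is wrapped in an unchecked one the caller can catch.
    @Override
    public void setPassword(String plaintextPassword) {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // fresh random salt per password
        try {
            byte[] hash = pbkdf2(plaintextPassword, salt, ITERATIONS);
            Base64.Encoder b64 = Base64.getEncoder();
            // Stored form (assumed): iterations:salt:hash
            super.setPassword(ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Password hashing unavailable", e);
        }
    }

    // Re-derives the hash with the stored salt and iteration count, then compares.
    public boolean checkPassword(String candidate) {
        String[] parts = getPassword().split(":");
        try {
            byte[] actual = pbkdf2(candidate, Base64.getDecoder().decode(parts[1]), Integer.parseInt(parts[0]));
            return MessageDigest.isEqual(Base64.getDecoder().decode(parts[2]), actual); // constant-time compare
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Password hashing unavailable", e);
        }
    }

    private static byte[] pbkdf2(String password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) {
        User u = new User();
        u.setPassword("correct horse"); // constructed sample value
        System.out.println(u.checkPassword("correct horse") + " " + u.checkPassword("wrong"));
    }
}

class _User { // stand-in for the Cayenne-generated superclass (hypothetical)
    private String password;
    public void setPassword(String password) { this.password = password; }
    public String getPassword() { return password; }
}
```

With these parameters the stored value is 76 characters, so size the password column for that.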
