Re: Using MySQL Encryption Function to Store Password

From: Nishant Neeraj (nneeraj12..ahoo.com)
Date: Mon Jan 25 2010 - 03:00:29 EST

Next message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"

Previous message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
In reply to: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Next in thread: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Reply: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Right, thanks. I've got this part, and I am using Key-based AES encryption.�
However, I have another question -- not directly related to the subject of the thread. It's about throwing exception in sub-classes.

Take this case

public setPassword(String plaintextPassword)

{

� � String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);

� � super.setPassword(hashedPassword);

}

Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw the checked exceptions to front-end (calling class) and let front end to decide what to do with it.

Is there any way to to do this?

Thanks
Nishant
--- On Mon, 25/1/10, Michael Gentry <mgentr..asslight.net> wrote:

From: Michael Gentry <mgentr..asslight.net>
Subject: Re: Using MySQL Encryption Function to Store Password
To: use..ayenne.apache.org
Date: Monday, 25 January, 2010, 10:05 AM

If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password.� (You don't actually
want to encrypt the password, just hash it).� In your subclass (the
non-underscore one), add something like:

public setPassword(String plaintextPassword)
{
� � String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
� � super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough.� For SHA-266, I think you'd
need 64 characters.

mrg

On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jfbaldwi..arthlink.net> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package. �I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to store encrypt and store password?
>>
>> Thanks
>> -Nishant
>>
>>
>> � � �Your Mail works best with the New Yahoo Optimized IE8. Get it NOW! http://downloads.yahoo.com/in/internetexplorer/
>
>

Next message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Previous message: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
In reply to: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Next in thread: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Reply: Michael Gentry: "Re: Using MySQL Encryption Function to Store Password"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2.0.0 : Mon Jan 25 2010 - 03:03:06 EST