Posted to user@cayenne.apache.org by Nishant Neeraj <nn...@yahoo.com> on 2010/01/23 21:34:47 UTC

Using MySQL Encryption Function to Store Password

Hi,

Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?

Thanks
-Nishant



Re: Using MySQL Encryption Function to Store Password

Posted by Michael Gentry <mg...@masslight.net>.
AES sounds to me like you are using encryption instead of hashing.  If
you have a requirement to be able to decrypt the password, that's
fine, but otherwise you should hash it instead of encrypt it.

As to the exception handling, I'm not sure which front-end you are
using.  In a Tapestry 5 application, I'd catch the exception in
setPassword() and set the password to null and then in my onValidate*
type methods for T5 I'd check if the password was null and handle it
there.

mrg


On Mon, Jan 25, 2010 at 3:00 AM, Nishant Neeraj <nn...@yahoo.com> wrote:
> Right, thanks. I've got this part, and I am using Key-based AES encryption.
> However, I have another question -- not directly related to the subject of the thread. It's about throwing exceptions in subclasses.
>
> Take this case
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
>
> Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw the checked exceptions to the front end (calling class) and let the front end decide what to do with it.
>
> Is there any way to do this?
>
> Thanks
> Nishant
> --- On Mon, 25/1/10, Michael Gentry <mg...@masslight.net> wrote:
>
> From: Michael Gentry <mg...@masslight.net>
> Subject: Re: Using MySQL Encryption Function to Store Password
> To: user@cayenne.apache.org
> Date: Monday, 25 January, 2010, 10:05 AM
>
> If you happen to be using the Apache Commons Codec package, you can
> use DigestUtils to simplify hashing the password.  (You don't actually
> want to encrypt the password, just hash it).  In your subclass (the
> non-underscore one), add something like:
>
> public void setPassword(String plaintextPassword)
> {
>     String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
>     super.setPassword(hashedPassword);
> }
>
> Here is the JavaDoc for DigestUtils:
>
> http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html
>
> Be sure your password field is big enough.  For SHA-256, I think you'd
> need 64 characters.
>
> mrg
>
>
> On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jf...@earthlink.net> wrote:
>> Hi,
>>
>> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>>
>> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>>
>> Hope this helps,
>> Joe
>>
>>
>> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>>
>>> Hi,
>>>
>>> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
>>>
>>> Thanks
>>> -Nishant
>>>
>>>
>>
>>
>
>
>

Re: Using MySQL Encryption Function to Store Password

Posted by Nishant Neeraj <nn...@yahoo.com>.
Right, thanks. I've got this part, and I am using Key-based AES encryption. 
However, I have another question -- not directly related to the subject of the thread. It's about throwing exceptions in subclasses.

Take this case

public void setPassword(String plaintextPassword)
{
    String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);
    super.setPassword(hashedPassword);
}


Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw the checked exceptions to the front end (calling class) and let the front end decide what to do with it.

Is there any way to do this?

Thanks
Nishant
--- On Mon, 25/1/10, Michael Gentry <mg...@masslight.net> wrote:

From: Michael Gentry <mg...@masslight.net>
Subject: Re: Using MySQL Encryption Function to Store Password
To: user@cayenne.apache.org
Date: Monday, 25 January, 2010, 10:05 AM

If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password.  (You don't actually
want to encrypt the password, just hash it).  In your subclass (the
non-underscore one), add something like:

public void setPassword(String plaintextPassword)
{
    String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
    super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough.  For SHA-256, I think you'd
need 64 characters.

mrg


On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jf...@earthlink.net> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
>>
>> Thanks
>> -Nishant
>>
>>
>
>




Re: Using MySQL Encryption Function to Store Password

Posted by Michael Gentry <mg...@masslight.net>.
If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password.  (You don't actually
want to encrypt the password, just hash it).  In your subclass (the
non-underscore one), add something like:

public void setPassword(String plaintextPassword)
{
    String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
    super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough.  For SHA-256, I think you'd
need 64 characters.

mrg


On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jf...@earthlink.net> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
>>
>> Thanks
>> -Nishant
>>
>>
>
>

Re: Using MySQL Encryption Function to Store Password

Posted by Joe Baldwin <jf...@earthlink.net>.
Hi,

I had this very same question some time ago, and the overwhelming opinion was to use the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I handle the encryption with a wrapper class and simply store the resulting string in the database using standard Cayenne.

I now agree with all of those people who suggested that I go with the standard Java encryption vs MySQL.

Hope this helps,
Joe


On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:

> Hi,
> 
> Is there a way in Cayenne to use MySQL's encryption functions to encrypt and store a password?
> 
> Thanks
> -Nishant
> 
> 