cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nishant Neeraj <nneeraj...@yahoo.com>
Subject Re: Using MySQL Encryption Function to Store Password
Date Mon, 25 Jan 2010 08:00:29 GMT
Right, thanks. I've got this part, and I am using Key-based AES encryption. 
However, I have another question -- not directly related to the subject of the thread. It's
about throwing exception in sub-classes.

Take this case

public setPassword(String plaintextPassword)

{

    String hashedPassword = EncryptionUtilThatThrowsException(plaintextPassword);

    super.setPassword(hashedPassword);

}


Here, I can't throw the Exception and I have to handle it here -- but all I want is to throw
the checked exceptions to front-end (calling class) and let front end to decide what to do
with it.

Is there any way to to do this?

Thanks
Nishant
--- On Mon, 25/1/10, Michael Gentry <mgentry@masslight.net> wrote:

From: Michael Gentry <mgentry@masslight.net>
Subject: Re: Using MySQL Encryption Function to Store Password
To: user@cayenne.apache.org
Date: Monday, 25 January, 2010, 10:05 AM

If you happen to be using the Apache Commons Codec package, you can
use DigestUtils to simplify hashing the password.  (You don't actually
want to encrypt the password, just hash it).  In your subclass (the
non-underscore one), add something like:

public setPassword(String plaintextPassword)
{
    String hashedPassword = DigestUtils.sha256Hex(plaintextPassword);
    super.setPassword(hashedPassword);
}

Here is the JavaDoc for DigestUtils:

http://commons.apache.org/codec/api-release/org/apache/commons/codec/digest/DigestUtils.html

Be sure your password field is big enough.  For SHA-266, I think you'd
need 64 characters.

mrg


On Sat, Jan 23, 2010 at 9:37 PM, Joe Baldwin <jfbaldwin@earthlink.net> wrote:
> Hi,
>
> I had this very same question some time ago, and the overwhelming opinion was to use
the Java encryption over a DBMS-specific solution. I am using the javax.crypto package.  I
handle the encryption with a wrapper class and simply store the resulting string in the database
using standard Cayenne.
>
> I now agree with all of those people who suggested that I go with the standard Java encryption
vs MySQL.
>
> Hope this helps,
> Joe
>
>
> On Jan 23, 2010, at 3:34 PM, Nishant Neeraj wrote:
>
>> Hi,
>>
>> Is there a way in Cayenne to use MySQL's encryption functions to store encrypt and
store password?
>>
>> Thanks
>> -Nishant
>>
>>
>>      Your Mail works best with the New Yahoo Optimized IE8. Get it NOW! http://downloads.yahoo.com/in/internetexplorer/
>
>



      The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message