We have to use the mysql encrypt() function to store passwords in a database. Does anybody know how to use java to verify if a password submitted by a user matches the mySQL encrypted password in the database please? Many thanks.
If you have a method in mysql to compare a value with an encrypted value column of your table, you can use the same method in SQL statement of your JDBC code. JDBC API simply passes SQL to the database. -Sainudheen
Joined: Jan 08, 2002
yes thanks, but it seems that every time the mysql encrypt( )function is called it returns something different. For example select encrypt("password"); run several times will return a different value each time.
I would suggest using the MD5 function in MySQL to store the passwords. This ensures a standard hash for any 3rd party app that must authenticate to the database somehow. Usage of the MD5 function can be found here When you use the encrypt function, it is using the same thing as the UNIX crypt command which requires a "salt" to be given to the algorithm. The salt is not required, so when you don't provide the "salt" I think MySQL randomly chooses one for you. So that is probably why it is different everytime.