Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Encrypting Password in Database

 
Shailesh Pillai
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Ranchers,
I want to encrypt the passwords that i am storing in my database. How can I achieve this?

Does anyone have the code or can anyone suggest any URL where I can get MD5 algorithm to encrypt passwords that I am storing in my database.
 
Jan Cumps
Bartender
Posts: 2584
11
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Shailesh Pillai:
Hello Ranchers,
I want to encrypt the passwords that i am storing in my database. How can I achieve this?

Does anyone have the code or can anyone suggest any URL where I can get MD5 algorithm to encrypt passwords that I am storing in my database.


The Tomcat code for RealmBase is a good reference.
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java

It's main() is a good starting point to see how you can get an encrypted password.

And it's authenticate(String username, String credentials) is a good starting point to see how you can do the matching.

Regards, Jan
 
Kaustabh Singha Roy
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Many databases like PostgreSQL has built in functions for performing a MD5 encoding. Check your database carefully.

At http://www.jonh.net/~jonh/md5/MD5.java you will get a working implementation in java.

Enjoy.
[ February 13, 2007: Message edited by: Kaustabh Singha Roy ]
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Note that MD5 is not a cipher (an "encryption"), but a hash. Once something has been run through MD5, there is no way of getting back the original text. The best you can do is run something else through MD5, and then compare the result with the original hash. That may or may not be what you're looking for.
 
D Rog
Ranch Hand
Posts: 472
Linux Objective C Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Secret key based algorithms are also weak because it's difficult to keep a key safe. I use custom code based encryption which makes it not easy to break.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic