Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Problem while retrieving values from table

 
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am storing password in encrypted form in mysql. Now when the user logsin back, I am retrieving those values from the table and comparing those values with the encrypted value of the password of the user who is trying to login but the problem is that I am getting different values from my tables.

I have used rs.getString ("password")
where password is the field name.

This value is in the table
���7�����]�����7vg�
But the retrieved value is
???7???]???7vg?

Why is it so?
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you decrypt the password after retriving it from the table?
Just check it.
 
Ranch Hand
Posts: 1228
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even I faced this problem when i used Oracle.

I think, When you retrive the encrypted data from DB in java code,
since java dosent support those characters it's replaced by '?' or something.

What you can do is decrypt the password and return it to java, let java compare this with the one user has entered.

Let see what others say ..

Ps: In my case I have encrypted the password in the database.
like insert into emp values ( 12,encrypt('passwrd' ) )
[ December 20, 2005: Message edited by: Srinivasa Raghavan ]
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But I want to store in encrypting form in my tables
 
Srinivasa Raghavan
Ranch Hand
Posts: 1228
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes,

The insert statement in the above post will encrypt the data and store it in the DB.

insert into emp values ( 10, encrypt ('passwd') );

Select decrypt(password) from emp where id = 10
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Like I explained in the Beginner forum where you double posted this question, you shouldn't store non-text, such as your encrypted password, in a text-based column type in the database.

You could use Base64 encoding to change the encrypted password into ASCII characters. The Apache Jakarta Commons Codec library contains a class to do Base64 encoding and decoding.
 
Hemant Agarwal
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But I want to store binary values. What type of field should I use in mySQL?
 
Jesper de Jong
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
See chapter 11 of the MySQL manual. You'll probably want to use BINARY or VARBINARY.

Quote:
"The BINARY and VARBINARY types are similar to CHAR and VARCHAR, except that they contain binary strings rather than non-binary strings. That is, they contain byte strings rather than character strings. This means that they have no character set, and sorting and comparison is based on the numeric values of the bytes in column values."
 
Ranch Hand
Posts: 1780
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A couple points.
1. A agree with the previous posts about binary != text.
2. For things like passwords, you can use a one-way *digest* (MessageDigest) instead of an encryption because there is usually no need to decrypt passwords -- it's enough to digest what the user types in and then compare it to the original digested password.
3. It's a good idea not to store *just* the password, either encrypted or digested. That is because jim could notice that both he and sally have the same stored value in the password column, therefore he and sally must have the same password! I usually combine the password and username when digesting.
 
The harder I work, the luckier I get. -Sam Goldwyn So tiny. - this ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic