java - Hashed passwords updated through JDBC become corrupt. (More of encoding problem than hashing) -

-

i've tried following mysql utf-8 , latin-1, no avail.

i hash passwords (in case tosecurify) using sha-1 so:

  if(tosecurify == null) {    throw new exception("tosecurifystring must not null");   }   try {    messagedigest messagedigest = messagedigest.getinstance("sha-1");    byte[] sha1hashbytes = new byte[40];    messagedigest.update(tosecurify.getbytes(), 0, tosecurify.length());    sha1hashbytes = messagedigest.digest();    return new string(sha1hashbytes, "utf-8");   } catch(nosuchalgorithmexception nsae) {    throw new exception("hash algorithm not supported.");   } catch(unsupportedencodingexception uee) {    throw new exception("encoding not supported.");   }

then store in mysql database password column.

now here's tricky part can query db kind of like: there record 

username=<insertusername> , password = thathashfunctionupthere(<insertpassword>);

this works great.

but now, updating records looks this:

string username = somejdbcstufftogetusername(); string password = somejdbcstufftogetpassword();  update(username, password);

the password has changed! corrupts passwords. it's on way out (when querying it) gets corrupted, never on way in. because inserts , queries work great, when value out set again, corrupts it, must on way out.

does have thoughts? on way out should encoding issues?

thanks in advance guys!

there's flaw in code.

return new string(sha1hashbytes, "utf-8");

you shouldn't treating bytes characters. should in fact convert every byte 2-character hexstring. e.g.

stringbuilder hex = new stringbuilder(sha1hashbytes.length * 2); (byte b : sha1hashbytes) {     if ((b & 0xff) < 0x10) hex.append("0");     hex.append(integer.tohexstring(b & 0xff)); } return hex.tostring();

but, better use mysql's own sha1() function. on insert do:

string sql = "insert user (username, password) values (?, sha1(?))"; // ... preparedstatement = connection.preparestatement(sql); preparedstatement.setstring(username); preparedstatement.setstring(password); // 1 should unhashed!! int affectedrows = preparedstatement.executeupdate(); // ...

and on update:

string sql = "update user set username = ?, password = sha1(?) id = ?"; // ... preparedstatement = connection.preparestatement(sql); preparedstatement.setstring(username); preparedstatement.setstring(password); // 1 should unhashed!! preparedstatement.setlong(id); int affectedrows = preparedstatement.executeupdate(); // ...

and on select:

string sql = "select * user username = ? , password = sha1(?)"; // ... preparedstatement = connection.preparestatement(sql); preparedstatement.setstring(username); preparedstatement.setstring(password); // 1 should unhashed!! resultset = preparedstatement.executequery(); // ...

see also:


Comments

Post a Comment

Popular posts from this blog

ASP.NET/SQL find the element ID and update database -

-
basically i've got update query runs when click submit button. i have asp:repeater in page layer inside this <asp:repeater id="dgbookings" runat="server" onitemdatabound="itemdb"> <itemtemplate> <div class="bookingscontent"> <div class="bookingdetails" id="<%# databinder.eval(container.dataitem, "booking_ref") %>"> <p class="infotext"><%# databinder.eval(container.dataitem, "adults") %> <asp:linkbutton onclick="editdetails" text="edit..." runat="server"></asp:linkbutton></p> <p class="infotext"><asp:linkbutton onclick="submitdetails" text="submit..." runat="server"></asp:linkbutton></p> </div> </div> </itemtemplate> <asp:repeater> and outputs ...
Read more

jquery - appear modal windows bottom -

-
i have modal windows in application, work fine <div id="modal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="mymodallabel" aria-hidden="true"> but when modal appears, appear top of windows, , want appear bottom the application joomla 3.0! , using template of meet gavern any idea? i found solution i modified de css in bootstrap .modal.fade { top:-25%; -webkit-transition:opacity .3s linear, bottom .3s ease-out; -moz-transition:opacity .3s linear, bottom .3s ease-out; -ms-transition:opacity .3s linear, bottom .3s ease-out; -o-transition:opacity .3s linear, bottom .3s ease-out; transition:opacity .3s linear, bottom .3s ease-out; }
Read more

c++ - Compiling static TagLib 1.6.3 libraries for Windows -

-
i having super hard time compiling , using taglib 1.6.3 in qt project. i've tried can think of. taglib claims supported through cmake i'm not having luck. furthermore, i'm confused kinds of files need qt libs! i've built *.a files, *.lib, , *.dll. understand far... believe since i'm working in windows *.lib want. no matter do, end "undefined references" taglib functions try use when try compile qt project. have tried mingw32, msys, visual studio 2008, , cross-compiling windows on linux. turning nothing. what makes less sense me if compile same taglib source qt on mac (g++ think?) works fine! somewhere in windows compilation procedures have going wrong. have been smacking face on desk 30 (on , off) hours trying figure out. since qt uses mingw must compile taglib same compiler? if compile *.lib's visual studio not compatible? are *.a libraries usable in windows? (assuming mingw) i'm still trying handle on c++ stuff, after reading coun...
Read more