Board index » jbuilder » MySQL and Password Hashing help

MySQL and Password Hashing help


2004-10-29 10:18:27 PM
jbuilder21
I am trying to write a program that connects to a MySQL Database. The
problem is that the users where created using either MySQL's PASSWORD()
function or with the Administrator program and/or navicat. I know they
encrypt the passwords so my question is how can I hash/encrypt the
program so that the password matches the one stored in MySQL?
Matthew
 
 

Re:MySQL and Password Hashing help

Matthew wrote:
Quote
I am trying to write a program that connects to a MySQL Database. The
problem is that the users where created using either MySQL's PASSWORD()
function or with the Administrator program and/or navicat. I know they
encrypt the passwords so my question is how can I hash/encrypt the
program so that the password matches the one stored in MySQL?

Matthew
You gather the password you are trying to validate in a standard
JPassword field. Then you test it against mySQL with something like:
public boolean checkLogin(String username, String password) {
boolean isGood = false;
try {
// check using PASSWORD(), then SHA1(), then straight
String select = "SELECT us_id FROM user WHERE us_userlogin = '" +
username +
"' AND (us_password = PASSWORD('" +
password +
"') " +
" OR us_password = SHA1('" +
password +
"') " +
" OR us_password = '" +
password +
"')";
ResultSet userResult = comStmt.executeQuery(select);
if (userResult.next()) {
// Validation has occurred, do what is necessary
isGood = true;
} else {
// Didn't match username/passworde
}
} catch (SQLException e) {
<handle exception here>
}
return isGood;
}
Whether you use PASSWORD, or SHA1 is up to how the data was originally
encryped.
Tad Frysinger
(TeamB)