-
1. Re: hashAlgorithm for DatabaseServerLoginModule
aroller Mar 20, 2002 7:41 PM (in response to aroller)More information:
When I have the password column set to BLOB and I don't use encryption the login works successfully. MySQL Front database utility shows the blob is being stored as the password I have entered (text view of a BLOB).
So I could only assume that the encryption is the point of failure. How do I hash the clear text password and save it so that the DatabaseServerLoginModule can successfully compare it's hashed version? Am I using HEX or Base64 (neither work). -
2. Re: hashAlgorithm for DatabaseServerLoginModule
jwkaltz Mar 21, 2002 6:14 AM (in response to aroller)My understanding is, you don't hash the password yourself, it is passed as clear-text to the login module; if you configured the login module to use hashing, then it will hash the password itself, and compare it to whatever the database returns for password, as a string compare.
The easiest and quickest way to see exactly what's going on, is to inspect the DatabaseServerLoginModule.java, perhaps add some debug messages. This is easy to do, and one of the great advantages of an open-source product :) -
3. Re: hashAlgorithm for DatabaseServerLoginModule
luke_t Mar 21, 2002 4:44 PM (in response to aroller)> So I could only assume that the encryption is the point of failure.
>How do I hash the clear text password and save it so that the DatabaseServerLoginModule can successfully compare it's hashed version?
> Am I using HEX or Base64 (neither work).
The hashing is implemented in UsernamePasswordLoginModule, so it doesn't know anything about the database and deals with string hashes exclusively. These should be either hex or base64 encoded - are you encoding the hashes to a base64 or hex string (tomcat 4 style) before storing them in the database?
There is a static "createPasswordHash" method in the org.jboss.security.Util class which you can use:
public static String createPasswordHash(String hashAlgorithm, String hashEncoding, String hashCharset, String username, String password)