-
1. Re: Storing Password as MD5 Hash
fhh Jul 31, 2007 7:17 AM (in response to blackers)It is common to put the encryption method into curly brackets and prepend that to the hash to show whether it is plaintext or a hash.
Regards
Felix -
2. Re: Storing Password as MD5 Hash
karl.martens Jul 31, 2007 10:47 AM (in response to blackers)An alternative to appending something to the encrypted password string that you can check to determine if the password requires encryption or not is to change the access method from PROPERTY to FIELD (map the fields instead of the getter method).
This will allow the persistence provider to inject the value as stored in the database on the field and allow you to define behaviour to the getter and setter methods independently; allowing you to encrypt the data. Each entity can only have a single access method; so you'll have to make the same change for all your mapped columns in this entity.
For a two-way hash my preference is to create a user type that encrypts and decrypts the data as it is sent to or retrieved from the database. (Hibernate specific)@Column(name = "password", nullable = false, length = 255) private String password; public String getPassword() { return this.password; } public void setPassword(String password) { this.password = Util.createPasswordHash("MD5", Util.BASE64_ENCODING, null, null, password); }
-
3. Re: Storing Password as MD5 Hash
genman Jul 31, 2007 7:32 PM (in response to blackers)What I have often done with entities is create a setter, such as "setUnencryptedPassword" and made a getter (dummy) that is marked @Transient.
-
4. Re: Storing Password as MD5 Hash
blackers Jul 31, 2007 10:54 PM (in response to blackers)Thanks for all your help. I have used Karl's method and it is now working as I would have liked.