A bit off-topic, but:
A good method is using a SHA-Hash of the password like this:

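  import java.nio.charset.StandardCharsets;
  import java.security.MessageDigest;
  import java.security.NoSuchAlgorithmException;

  // Returns the SHA digest of the password as a lowercase hex string.
  public static String encryptPassword(String pstrPassword)
      throws NoSuchAlgorithmException {
      MessageDigest sha = MessageDigest.getInstance("SHA");
      // Fixed charset so the hash does not depend on the platform default.
      sha.update(pstrPassword.getBytes(StandardCharsets.UTF_8));
      byte abytHash[] = sha.digest();

      StringBuffer strEncrypt = new StringBuffer();
      for (int intIndex=0; intIndex<abytHash.length; intIndex++) {
        // Mask to 0..255; Math.abs() would map e.g. -1 and 1 to the same text.
        String strHex = Integer.toHexString(abytHash[intIndex] & 0xff);
        if (strHex.length()==1)
          strEncrypt.append("0");
        strEncrypt.append(strHex);
      }

      return strEncrypt.toString();
  }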

In this way it is not possible to get the password out of the database again, but if 
you encrypt the given password on user logon again with this method and compare the 
two hashes you know if the user entered the correct password.

Stefan

> -----Original Message-----
> From: Antonio Gallardo Rivera 
> [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 20, 2002 8:10 PM
> To: [EMAIL PROTECTED]
> Subject: Password Encryption
> 
> 
> I am using authentication against the database. I am storing and getting the
> user parameters from a database. My question is:
> 
> How can I encrypt the password to store it then in the database?
> 
> Thanks in advance :)
> 
> Antonio Gallardo
> 
> ---------------------------------------------------------------------
> Please check that your question  has not already been answered in the
> FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
> 
> To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
> For additional commands, e-mail:   <[EMAIL PROTECTED]>
> 
