yes, you never ever store a password directly in the db!!!also good idea to use "salt" so a dictionary attack wont work.String salt=generate random string of some length;String tmp=password+salt;
String hash=hash(tmp);store in the database salt and hash.-IgorOn 10/14/06, Johan Compagner <
[EMAIL PR
use a one way encryption (hash) like SHAOn 10/14/06, Ayodeji Aladejebi <[EMAIL PROTECTED]> wrote:
so how should passwords be stored into a database especially when yu are using JPA ( a User object) for instance with username prop and password prop?
Please do not use the crypt factory for storinga
so how should passwords be stored into a database especially when yu are using JPA ( a User object) for instance with username prop and password prop?
Please do not use the crypt factory for storingapplication password in your database or whereever as the interfaceasks for encryption _and_ decrypti
Yes exactly. Reason being that URLs as well as cookies are limited to
base64 chars. Please do not use the crypt factory for storing
application password in your database or whereever as the interface
asks for encryption _and_ decryption (synchronous algorithms)
Juergen
On 10/13/06, Igor Vaynberg
i believe we first encode using the crypto algorithm given a key you specify, and then base64 the result so it can be put into the url-IgorOn 10/13/06,
craigdd <[EMAIL PROTECTED]> wrote:
It is great that wicket provides this functionality out of the box...props tothe wicket development team.So am
Also used for (password) cookies.
Eelco
On 10/13/06, Igor Vaynberg <[EMAIL PROTECTED]> wrote:
> it is used to retrieve crypto algorithms whenever we need to encrypt
> something - which isnt very often. wicket has support for encrypting urls so
> that is one place where it is used.
>
> generally
It is great that wicket provides this functionality out of the box...props to
the wicket development team.
So am I correct in seeing that the CryptedUrlWebRequestCodingStrategy is
using base64 to encode and decode the URL string?
So getting back to the ICryptFactory interface, is this just a con
no use CryptedUrlWebRequestCodingStrategy for that.johanOn 10/13/06, craigdd <[EMAIL PROTECTED]> wrote:
So are you saying that by implementing the ICryptFactory interface that URLswill also be encrypted?
igor.vaynberg wrote:>> it is used to retrieve crypto algorithms whenever we need to encrypt> so
So are you saying that by implementing the ICryptFactory interface that URLs
will also be encrypted?
igor.vaynberg wrote:
>
> it is used to retrieve crypto algorithms whenever we need to encrypt
> something - which isnt very often. wicket has support for encrypting urls
> so
> that is one plac
it is used to retrieve crypto algorithms whenever we need to encrypt something - which isnt very often. wicket has support for encrypting urls so that is one place where it is used.generally you can find all places in code where it is used by asking your IDE to find references to it.
-IgorOn 10/13/
10 matches
Mail list logo