so how should passwords be stored into a database especially when you are using JPA (a User object) for instance with username prop and password prop?
Please do not use the crypt factory for storing application password in your database or wherever as the interface asks for encryption _and_
use a one way encryption (hash) like SHA
On 10/14/06, Ayodeji Aladejebi [EMAIL PROTECTED] wrote:
so how should passwords be stored into a database especially when you are using JPA (a User object) for instance with username prop and password prop?
Please do not use the crypt factory for
yes, you never ever store a password directly in the db!!! also good idea to use salt so a dictionary attack won't work.
String salt=generate random string of some length;
String tmp=password+salt;
String hash=hash(tmp);
store in the database salt and hash.
-Igor
On 10/14/06, Johan Compagner
[EMAIL
it is used to retrieve crypto algorithms whenever we need to encrypt something - which isn't very often. wicket has support for encrypting urls so that is one place where it is used. generally you can find all places in code where it is used by asking your IDE to find references to it.
-Igor
On
no, use CryptedUrlWebRequestCodingStrategy for that.
johan
On 10/13/06, craigdd [EMAIL PROTECTED] wrote:
So are you saying that by implementing the ICryptFactory interface that URLs will also be encrypted?
igor.vaynberg wrote: it is used to retrieve crypto algorithms whenever we need to encrypt
It is great that wicket provides this functionality out of the box...props to
the wicket development team.
So am I correct in seeing that the CryptedUrlWebRequestCodingStrategy is
using base64 to encode and decode the URL string?
So getting back to the ICryptFactory interface, is this just a
i believe we first encode using the crypto algorithm given a key you specify, and then base64 the result so it can be put into the url
-Igor
On 10/13/06,
craigdd [EMAIL PROTECTED] wrote:
It is great that wicket provides this functionality out of the box...props to the wicket development team. So am I
Yes exactly. Reason being that URLs as well as cookies are limited to
base64 chars. Please do not use the crypt factory for storing
application password in your database or wherever as the interface
asks for encryption _and_ decryption (synchronous algorithms)
Juergen
On 10/13/06, Igor Vaynberg