Yeah, that's what I've always done, as well.
I was just sitting here wondering if there was a way to take advantage of the db functions.
Ah well.  Thanks!

Robert

On Aug 7, 2008, at 2:00 PM, Michael Gentry wrote:

I've done it in code.  If your Java side is the same as the DB side,
it really doesn't much matter (like using SHA1).  (If you want someone
to be able to reset the password from the SQL command-line, for
example).  Doing it in code seems fine to me.  Create a setPassword()
cover method in Users.java that hashes it and sets it in the parent:

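public void setPassword(String newPassword)
{
    // Hash first so only the digest reaches the parent setter and the database;
    // sha1() is a helper that is not shown in this message.
    super.setPassword(sha1(newPassword));
}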

This way you toss the plain-text password quickly.  Also, if it is set
to the original password, Cayenne will skip it as a changed value.

I've also used this technique with encryption, too.  You have to
override the set/get methods for the encrypted fields (say, a social
security number or a credit card number).  It is a little more work to
do queries on encrypted fields, of course.


On Thu, Aug 7, 2008 at 1:13 PM, Robert Zeigler <[EMAIL PROTECTED] > wrote:
Hi all,

Up to this point, whenever I've had to store hashed text (say, the hashed
form of a password) in the db, I've simply hashed in code.
But the question arose the other day of how you would go about doing this on
the database side (assuming your target db supports your target hash
function).
Say, for example, you have the following table:

users
 id integer
 username varchar('32')
 password varchar('40')

And you want to hash the password as sha1.

Using mysql and straight sql, you would do something like:

insert into users (id,username,password) values(1,'userx',sha1('usery'));

Is there some way to get cayenne to generate this same sql when inserting
new rows?
Or, for example, when cayenne detects a diff in password, and does an update
users set password=..., to have it do password=sha1('newpassword')?

Of course, I can hash the password in code... but it would be nice if
cayenne could somehow manage this for me.

And I could do some sort of ugly hack like having a post-persist callback that executes sqltemplate to sha1-hash the value of the newly inserted
row... but that really is ugly.

Surely I'm not the only one who hashes passwords in the database. ;) What are other people doing here? Does everyone just handle the hashing in code,
like I've been doing up until now?

Robert
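
Added example (not part of the original thread and not Cayenne's own code): the setPassword() cover method from Michael's reply, with a sha1() helper whose output has the same format as MySQL's sha1(), so a hash written from the SQL command line still verifies in Java. `_Users` is a hypothetical stand-in for the Cayenne-generated superclass, `checkPassword()` is an added helper, and matching MySQL byte for byte assumes the connection character set is UTF-8.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical stand-in for the Cayenne-generated superclass that owns the column.
class _Users {
    private String password;
    public void setPassword(String password) { this.password = password; }
    public String getPassword() { return password; }
}

public class Users extends _Users {
    // Lowercase 40-char hex of SHA-1 over UTF-8 bytes: the format MySQL's sha1() returns.
    static String sha1(String text) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1")
                    .digest(text.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    // Cover method from the thread. A salted, slow KDF (e.g. PBKDF2 through SecretKeyFactory)
    // would slot in here, but sha1() in SQL could then no longer reproduce the stored value.
    @Override
    public void setPassword(String newPassword) {
        super.setPassword(sha1(newPassword));
    }

    // Added helper (assumption): hash the candidate, compare in constant time.
    public boolean checkPassword(String candidate) {
        byte[] stored = getPassword().getBytes(StandardCharsets.US_ASCII);
        byte[] given = sha1(candidate).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(stored, given);
    }

    public static void main(String[] args) {
        Users user = new Users();
        user.setPassword("usery"); // sample value taken from the thread's INSERT
        System.out.println(user.getPassword().length() + " hex chars stored");
        System.out.println("correct: " + user.checkPassword("usery"));
        System.out.println("wrong:   " + user.checkPassword("wrong"));
    }
}
```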

