[jboss-user] [EJB 3.0] - Re: Storing Password as MD5 Hash

karl.martens do-not-reply at jboss.com
Tue Jul 31 10:47:40 EDT 2007


  An alternative to appending something to the encrypted password string that you can check to determine if the password requires encryption or not is to change the access method from PROPERTY to FIELD (map the fields instead of the getter method).

  This will allow the persistence provider to inject the value as stored in the database on the field and allow you to define behaviour for the getter and setter methods independently, allowing you to encrypt the data.  Each entity can only have a single access method, so you'll have to make the same change for all your mapped columns in this entity.

 For a two-way hash my preference is to create a user type that encrypts and decrypts the data as it is sent to or retrieved from the database. (Hibernate specific)
  

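  | 	// Annotation on the field selects FIELD access: the persistence
  | 	// provider reads and writes this field directly, bypassing the setter.
  | 	@Column(name = "password", nullable = false, length = 255)
  | 	private String password;
  | 
  | 	// Returns the stored (hashed) value.
  | 	public String getPassword() {
  | 		return this.password;
  | 	}
  | 
  | 	// Called by application code only, so the clear-text value is hashed here.
  | 	public void setPassword(String password) {
  | 		this.password = Util.createPasswordHash("MD5", Util.BASE64_ENCODING, null, null, password);
  | 	}
  | 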

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069197#4069197
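
The effect of the access-type change described in the post, as an added example that is not part of the original message: a plain-Java simulation with no JPA provider, where the `Account` class and the reflection-based load are hypothetical stand-ins for the entity and the persistence provider. It swaps the post's MD5 call for salted PBKDF2 from the JDK, and shows that loading through the setter hashes the stored value a second time while writing the field directly does not.

```java
import java.lang.reflect.Field;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class AccessTypeDemo {
    // Hypothetical stand-in for the mapped entity; JPA annotations omitted so it runs without a provider.
    static class Account {
        private String password; // stored form: base64(salt) + ":" + base64(PBKDF2 output)
        public String getPassword() { return password; }
        // Application-facing setter: hashes the clear-text password with a fresh random salt.
        public void setPassword(String clear) throws Exception {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            Base64.Encoder b64 = Base64.getEncoder();
            this.password = b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(clear, salt));
        }

        // Re-derives the hash with the stored salt and compares in constant time.
        public boolean verify(String clear) throws Exception {
            String[] parts = password.split(":");
            byte[] salt = Base64.getDecoder().decode(parts[0]);
            return MessageDigest.isEqual(Base64.getDecoder().decode(parts[1]), pbkdf2(clear, salt));
        }
    }

    static byte[] pbkdf2(String clear, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(clear.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        Account saved = new Account();
        saved.setPassword("correct horse");   // constructed sample password
        String column = saved.getPassword();  // value as it would sit in the database column

        Account viaProperty = new Account();  // PROPERTY access: provider loads through the setter
        viaProperty.setPassword(column);      // the stored hash is hashed again

        Account viaField = new Account();     // FIELD access: provider writes the field directly
        Field f = Account.class.getDeclaredField("password");
        f.setAccessible(true);
        f.set(viaField, column);

        System.out.println("PROPERTY access verifies: " + viaProperty.verify("correct horse"));
        System.out.println("FIELD access verifies:    " + viaField.verify("correct horse"));
    }
}
```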
