An alternative to appending something to the encrypted password string that you can check to determine if the password requires encryption or not is to change the access method from PROPERTY to FIELD (map the fields instead of the getter method). This will allow the persistence provider to inject the value as stored in the database on the field and allow you to define behaviour to the getter and setter methods independently; allowing you to encrypt the data. Each entity can only have a single access method; so you'll have to make the same change for all your mapped columns in this entity. For a two-way hash my preference is to create a user type that encrypts and decrypts the data as it is sent to or retrieved from the database. (Hibernate specific) | @Column(name = "password", nullable = false, length = 255) | private String password; | | public String getPassword() { | return this.password; | } | | | public void setPassword(String password) { | this.password = Util.createPasswordHash("MD5", Util.BASE64_ENCODING, null, null, password); | } | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069197#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...