在MySQL的Select查询中将VARBINARY值转换为String?

时间:2018-11-20 01:22:00

标签: java mysql jsp login password-hash

根据此answer,我应该将我的 String BCrypt哈希密码passHash保存为BINARYBINARY(60)(我选择了BINARY(60))存储在我的MySQL表中时(我将其存储在名为passHash的列中)。

现在,当我从表中选择passHash列值并将其检索到Java中时,它现在是byte[]数据类型。

然后如何将其转换回其 String 形式,以便可以使用下面的validateLogin()方法对其进行验证:

//Validate username and password login
    public boolean validateLogin(String username, String userpass) 
    {
        boolean status = false;  
        PreparedStatement pst = null; 
        ResultSet rs = null;  

        User user = new User(); //This is my Java bean class

        try(Connection connect= DBConnection.getConnection())
        {
            //Here, passHash is stored as VARBINARY(60) 
            pst = connect.prepareStatement("SELECT * FROM user WHERE username=? and passHash=?;"); 

            pst.setString(1, username);  
            pst.setString(2, userpass);  
            //Here's where I'm having difficulty because `passHash` column in my user table is VARBINARY(60) while `userpass` is a String

            rs = pst.executeQuery(); 
            status = rs.next();  
        } 

        catch (SQLException e) 
        {
            e.printStackTrace();
        }
            return status;  //status will return `true` if `username` and `userpass` matches what's in the columns
    }

使用参数usernameuserpassLogin.jsp形式获取用户输入:

String username = request.getParameter("username");
String userpass = request.getParameter("userpass");

编辑:我的BCrypt代码如下:

//returns a hashed String value
public static String bCrypt (String passPlain) {
        return BCrypt.hashpw(passPlain, BCrypt.gensalt(10));
    }

//Returns a true if plain password is a match with hashed password
public static Boolean isMatch(String passPlain, String passHash){
        return (BCrypt.checkpw(passPlain, passHash));
    }

1 个答案:

答案 0 :(得分:0)

创建用户帐户时,必须以某种方式对密码进行哈希处理才能在Java中生成byte[],然后将其插入到user表中。

public static byte[] bCrypt (String passPlain) {
    return BCrypt.hashpw(passPlain, BCrypt.gensalt(10)).getBytes();
}

// here is how you generate the hash
byte[] hashed = bCrypt(userpass).toBytes();

// here is how you authenticate a login
String password; // from the UI
String sql = "SELECT passHash FROM user WHERE username = ?";
pst = connect.prepareStatement(sql);
pst.setString(1, username);
rs = pst.executeQuery();

if (rs.next()) {
    byte[] hash = rs.getBytes(1);
    if (isMatch(password, new String(hash))) {
        // authenticate
    }
}

用于检查现有密码的模式是传递纯文本密码和哈希。

相关问题
最新问题