在 MySQL 中的 Select 查询中将 VARBINARY 值转换为字符串?
Converting VARBINARY values into String in a Select Query in MySQL?
根据此 answer,我应该将我的 String BCrypt 散列密码 passHash 保存为 BINARY 或 BINARY(60)(我选择BINARY(60))存储在我的MySQLtable(我存储在一个名为passHash的列)。
现在,当我 select 并将 passHash 列值从我的 table 检索到 Java 时,它现在是 byte[] 数据类型。
然后我如何将它转换回它的 String 形式,以便我可以使用下面的 validateLogin() 方法验证它:
//Validate username and password login
public boolean validateLogin(String username, String userpass)
{
boolean status = false;
PreparedStatement pst = null;
ResultSet rs = null;
User user = new User(); //This is my Java bean class
try(Connection connect= DBConnection.getConnection())
{
//Here, passHash is stored as VARBINARY(60)
pst = connect.prepareStatement("SELECT * FROM user WHERE username=? and passHash=?;");
pst.setString(1, username);
pst.setString(2, userpass);
//Here's where I'm having difficulty because `passHash` column in my user table is VARBINARY(60) while `userpass` is a String
rs = pst.executeQuery();
status = rs.next();
}
catch (SQLException e)
{
e.printStackTrace();
}
return status; //status will return `true` if `username` and `userpass` matches what's in the columns
}
参数 username 和 userpass 用于获取用户在我的 Login.jsp 表单中的输入:
String username = request.getParameter("username");
String userpass = request.getParameter("userpass");
编辑:我的BCrypt代码如下:
//returns a hashed String value
public static String bCrypt (String passPlain) {
return BCrypt.hashpw(passPlain, BCrypt.gensalt(10));
}
//Returns a true if plain password is a match with hashed password
public static Boolean isMatch(String passPlain, String passHash){
return (BCrypt.checkpw(passPlain, passHash));
}
当您创建用户帐户时,您必须以某种方式对密码进行哈希处理以在 Java 中生成一个 byte[],然后将其插入您的 user [=18] =].
public static byte[] bCrypt (String passPlain) {
return BCrypt.hashpw(passPlain, BCrypt.gensalt(10)).getBytes();
}
// here is how you generate the hash
byte[] hashed = bCrypt(userpass).toBytes();
// here is how you authenticate a login
String password; // from the UI
String sql = "SELECT passHash FROM user WHERE username = ?";
pst = connect.prepareStatement(sql);
pst.setString(1, username);
rs = pst.executeQuery();
if (rs.next()) {
byte[] hash = rs.getBytes(1);
if (isMatch(password, new String(hash))) {
// authenticate
}
}
检查现有密码的模式是传入明文密码和哈希值。
根据此 answer,我应该将我的 String BCrypt 散列密码 passHash 保存为 BINARY 或 BINARY(60)(我选择BINARY(60))存储在我的MySQLtable(我存储在一个名为passHash的列)。
现在,当我 select 并将 passHash 列值从我的 table 检索到 Java 时,它现在是 byte[] 数据类型。
然后我如何将它转换回它的 String 形式,以便我可以使用下面的 validateLogin() 方法验证它:
//Validate username and password login
public boolean validateLogin(String username, String userpass)
{
boolean status = false;
PreparedStatement pst = null;
ResultSet rs = null;
User user = new User(); //This is my Java bean class
try(Connection connect= DBConnection.getConnection())
{
//Here, passHash is stored as VARBINARY(60)
pst = connect.prepareStatement("SELECT * FROM user WHERE username=? and passHash=?;");
pst.setString(1, username);
pst.setString(2, userpass);
//Here's where I'm having difficulty because `passHash` column in my user table is VARBINARY(60) while `userpass` is a String
rs = pst.executeQuery();
status = rs.next();
}
catch (SQLException e)
{
e.printStackTrace();
}
return status; //status will return `true` if `username` and `userpass` matches what's in the columns
}
参数 username 和 userpass 用于获取用户在我的 Login.jsp 表单中的输入:
String username = request.getParameter("username");
String userpass = request.getParameter("userpass");
编辑:我的BCrypt代码如下:
//returns a hashed String value
public static String bCrypt (String passPlain) {
return BCrypt.hashpw(passPlain, BCrypt.gensalt(10));
}
//Returns a true if plain password is a match with hashed password
public static Boolean isMatch(String passPlain, String passHash){
return (BCrypt.checkpw(passPlain, passHash));
}
当您创建用户帐户时,您必须以某种方式对密码进行哈希处理以在 Java 中生成一个 byte[],然后将其插入您的 user [=18] =].
public static byte[] bCrypt (String passPlain) {
return BCrypt.hashpw(passPlain, BCrypt.gensalt(10)).getBytes();
}
// here is how you generate the hash
byte[] hashed = bCrypt(userpass).toBytes();
// here is how you authenticate a login
String password; // from the UI
String sql = "SELECT passHash FROM user WHERE username = ?";
pst = connect.prepareStatement(sql);
pst.setString(1, username);
rs = pst.executeQuery();
if (rs.next()) {
byte[] hash = rs.getBytes(1);
if (isMatch(password, new String(hash))) {
// authenticate
}
}
检查现有密码的模式是传入明文密码和哈希值。