加密(base64)密码未存储在数据库 hsql 中
Encrypted (base64) password not storing in database hsql
我正在尝试根据 Java Web 应用程序中的输入将 base64 加密密码简单地存储在数据库中。
我正在为此使用 hsqldb,我的密码列类型是 varbinary(255)。
但是当我尝试将它存储在数据库中时,我只会收到以下错误。我什至尝试将密码列的类型更改为 BLOB 或 varchar,但它仍然给我同样的错误。请帮忙。
错误:
com.loginjava.exception.LoginException: Not possible to update the password
at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:36)
at com.loginjava.servlets.ForgotPasswordReset.doPost(ForgotPasswordReset.java:55)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.sql.SQLDataException: data exception: invalid character value for cast
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCPreparedStatement.setParameter(Unknown Source)
at org.hsqldb.jdbc.JDBCPreparedStatement.setString(Unknown Source)
at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:26)
... 25 more
Caused by: org.hsqldb.HsqlException: data exception: invalid character value for cast
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.Scanner.convertToBinary(Unknown Source)
at org.hsqldb.types.BinaryType.castOrConvertToType(Unknown Source)
at org.hsqldb.types.BinaryType.convertToDefaultType(Unknown Source)
... 30 more
这是我的 Servlet:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String password = request.getParameter("password");
String token = request.getParameter("token");
if(PasswordHandler.CheckRequirements(password)) {
String encryptedpwd = Base64.getEncoder().encodeToString(password.getBytes());
try {
PasswordHandler.UpdatePassword(encryptedpwd, token);
} catch (SQLException e) {
e.printStackTrace();
}
String message = Constants.PWD_SUCCESS;
request.setAttribute("message", message);
request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
} else {
String message = Constants.PWD_FAIL;
request.setAttribute("message", message);
request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
}
}
这是PasswordHandler.java class:
public static void UpdatePassword(String encryptedpwd, String token) throws SQLException {
try
{
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET password = ? WHERE token = ?");
ps.setString(1,encryptedpwd);
ps.setString(2,token);
ps.executeUpdate();
ps.close();
}
catch (Exception e) {
throw new LoginException("Not possible to update the password", e);
}
}
在这里添加一个可能的解决方案,因为我的水平不允许我发表评论。
行中:
PasswordHandler.UpdatePassword(encryptedpwd, token);
验证变量的值和长度encryptedpwd,检查你的数据库是否接受类型值(可能为空)和变量的长度(可能比数据库中允许的长) .
您已将密码列定义为 varbinary(255)。任何插入此类列的字符串都必须是十六进制格式,例如cd349956e2
。您可以使用编码器将密码转换为二进制数组,然后在插入之前将二进制转换为十六进制。
或者您可以将列定义为 varchar(255) 以将密码作为 base64 字符串插入。
无论如何,密码通常不会直接存储在数据库中,而是作为安全散列存储。例如 SHA-256 哈希。
我正在尝试根据 Java Web 应用程序中的输入将 base64 加密密码简单地存储在数据库中。
我正在为此使用 hsqldb,我的密码列类型是 varbinary(255)。 但是当我尝试将它存储在数据库中时,我只会收到以下错误。我什至尝试将密码列的类型更改为 BLOB 或 varchar,但它仍然给我同样的错误。请帮忙。
错误:
com.loginjava.exception.LoginException: Not possible to update the password
at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:36)
at com.loginjava.servlets.ForgotPasswordReset.doPost(ForgotPasswordReset.java:55)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.sql.SQLDataException: data exception: invalid character value for cast
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
at org.hsqldb.jdbc.JDBCPreparedStatement.setParameter(Unknown Source)
at org.hsqldb.jdbc.JDBCPreparedStatement.setString(Unknown Source)
at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:26)
... 25 more
Caused by: org.hsqldb.HsqlException: data exception: invalid character value for cast
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.error.Error.error(Unknown Source)
at org.hsqldb.Scanner.convertToBinary(Unknown Source)
at org.hsqldb.types.BinaryType.castOrConvertToType(Unknown Source)
at org.hsqldb.types.BinaryType.convertToDefaultType(Unknown Source)
... 30 more
这是我的 Servlet:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String password = request.getParameter("password");
String token = request.getParameter("token");
if(PasswordHandler.CheckRequirements(password)) {
String encryptedpwd = Base64.getEncoder().encodeToString(password.getBytes());
try {
PasswordHandler.UpdatePassword(encryptedpwd, token);
} catch (SQLException e) {
e.printStackTrace();
}
String message = Constants.PWD_SUCCESS;
request.setAttribute("message", message);
request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
} else {
String message = Constants.PWD_FAIL;
request.setAttribute("message", message);
request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
}
}
这是PasswordHandler.java class:
public static void UpdatePassword(String encryptedpwd, String token) throws SQLException {
try
{
PreparedStatement ps = con.prepareStatement(
"UPDATE user SET password = ? WHERE token = ?");
ps.setString(1,encryptedpwd);
ps.setString(2,token);
ps.executeUpdate();
ps.close();
}
catch (Exception e) {
throw new LoginException("Not possible to update the password", e);
}
}
在这里添加一个可能的解决方案,因为我的水平不允许我发表评论。
行中:
PasswordHandler.UpdatePassword(encryptedpwd, token);
验证变量的值和长度encryptedpwd,检查你的数据库是否接受类型值(可能为空)和变量的长度(可能比数据库中允许的长) .
您已将密码列定义为 varbinary(255)。任何插入此类列的字符串都必须是十六进制格式,例如cd349956e2
。您可以使用编码器将密码转换为二进制数组,然后在插入之前将二进制转换为十六进制。
或者您可以将列定义为 varchar(255) 以将密码作为 base64 字符串插入。
无论如何,密码通常不会直接存储在数据库中,而是作为安全散列存储。例如 SHA-256 哈希。