Tribune

Home » Liferay Portal » English » 3. Development

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
Wessel Oosthuizen
Password Validation
2 aprile 2013 10.11
Risposta

Wessel Oosthuizen

Punteggio: Junior Member

Messaggi: 25

Data di Iscrizione: 9 agosto 2012

Messaggi recenti

Hello,

Is it possible to validate a users password within a query (stored procedure) in a MySQL database?

I have an external mobile application we are integrating into Liferay, but need to validate the users logging in with their Liferay credentials.

I know the passwords are SHA1 encrypted (by default), and cannot be decrypted, but does anybody know which method I can use in MySQL to encrypt the cleartext password the same as Liferay, and then compare it against the Liferay password?

Thanks

Wessel Oosthuizen
Mika Koivisto
RE: Password Validation
2 aprile 2013 14.46
Risposta

Mika Koivisto

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 1513

Data di Iscrizione: 7 agosto 2006

Messaggi recenti

The default is sha1 hash of the password which is base64 encoded. Only starting from MySQL 5.6.1 does it have BASE64 encode function. See https://dev.mysql.com/doc/refman/5.6/en/string-functions.html#function_to-base64
Wessel Oosthuizen
RE: Password Validation
2 aprile 2013 15.07
Risposta

Wessel Oosthuizen

Punteggio: Junior Member

Messaggi: 25

Data di Iscrizione: 9 agosto 2012

Messaggi recenti

Thanks Mika,

Actually I am aware of that function in MySQL and have installed that version and tried it. Unfortunately it is not working.

I do the following in the query:

select TO_BASE64(SHA1('pwd'));

It does not give me the same string that is stored as the liferay password.

Any ideas?

Thanks
Mika Koivisto
RE: Password Validation
2 aprile 2013 17.17
Risposta

Mika Koivisto

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 1513

Data di Iscrizione: 7 agosto 2006

Messaggi recenti

I think MySQL SHA1 might already return the text hex encoded where as Liferay does BASE64 encoding the the digest instead of hex encoding.
Wessel Oosthuizen
RE: Password Validation
3 aprile 2013 6.06
Risposta

Wessel Oosthuizen

Punteggio: Junior Member

Messaggi: 25

Data di Iscrizione: 9 agosto 2012

Messaggi recenti

Thanks Mika, you were right, the following does the trick:

select TO_BASE64(UNHEX(SHA1('pwd')));