Password Validation

Fórum

Wessel Oosthuizen, modificado 11 Anos atrás.

Password Validation

Junior Member Postagens: 25 Data de Entrada: 09/08/12 Postagens Recentes

Hello,

Is it possible to validate a users password within a query (stored procedure) in a MySQL database?

I have an external mobile application we are integrating into Liferay, but need to validate the users logging in with their Liferay credentials.

I know the passwords are SHA1 encrypted (by default), and cannot be decrypted, but does anybody know which method I can use in MySQL to encrypt the cleartext password the same as Liferay, and then compare it against the Liferay password?

Thanks

Wessel Oosthuizen

Mika Koivisto, modificado 11 Anos atrás.

RE: Password Validation

Liferay Legend Postagens: 1519 Data de Entrada: 07/08/06 Postagens Recentes

The default is sha1 hash of the password which is base64 encoded. Only starting from MySQL 5.6.1 does it have BASE64 encode function. See https://dev.mysql.com/doc/refman/5.6/en/string-functions.html#function_to-base64

Wessel Oosthuizen, modificado 11 Anos atrás.

RE: Password Validation

Junior Member Postagens: 25 Data de Entrada: 09/08/12 Postagens Recentes

Thanks Mika,

Actually I am aware of that function in MySQL and have installed that version and tried it. Unfortunately it is not working.

I do the following in the query:

select TO_BASE64(SHA1('pwd'));

It does not give me the same string that is stored as the liferay password.

Any ideas?

Thanks

Mika Koivisto, modificado 11 Anos atrás.

RE: Password Validation

Liferay Legend Postagens: 1519 Data de Entrada: 07/08/06 Postagens Recentes

I think MySQL SHA1 might already return the text hex encoded where as Liferay does BASE64 encoding the the digest instead of hex encoding.

Wessel Oosthuizen, modificado 11 Anos atrás.

RE: Password Validation

Junior Member Postagens: 25 Data de Entrada: 09/08/12 Postagens Recentes

Thanks Mika, you were right, the following does the trick:

select TO_BASE64(UNHEX(SHA1('pwd')));