如何使用JAVA在mysql中比较二进制文件
[英]how to compare binary in mysql with JAVA
问题描述
I have a database where one of the column(password) datatype is Binary(60). 
我有一个数据库,其中column(password)数据类型之一是Binary(60)。
I am using password as STRING in java and trying to compare the password coming from java (from user interface) with the password (as binary) in MySQL. 我在Java中将密码用作STRING,并尝试将来自Java(来自用户界面)的密码与MySQL中的密码(二进制)进行比较。
But it never gives me any result .. 但这永远不会给我任何结果..
Please guide what datatype/value will be able to compare with the Binary type 请指导哪些数据类型/值可以与二进制类型进行比较
thanks 谢谢
3 个解决方案
解决方案1
0 2013-08-02 11:16:59
I'm confused as to why you've used the binary type, but you can try: 我对为什么使用二进制类型感到困惑,但是您可以尝试:
String password = "a password";
// Run password through cryptographic functions.
String binaryStr = "";
for(char c : password)
{
int charInt = (int)c;
// Convert the character to it's integer representation.
binaryStr += Integer.toBinaryString(charInt);
// Convert that integer into a binary string.
}
The BINARY and VARBINARY types are similar to CHAR and VARCHAR, except that they contain binary strings rather than nonbinary strings.
Following the documentation, you can simply compare this new binary value you've generated with the value in the table. 根据文档,您可以简单地将生成的新二进制值与表中的值进行比较。
HOWEVER, keep in mind that this is a really bizarre way of storing the password, and it makes much more sense just to store the message digest (given that storing it in binary form offers 0 additional security). 但是,请记住,这是存储密码的一种非常奇怪的方式,并且仅存储消息摘要(考虑到以二进制形式存储提供了0个额外的安全性)就更有意义了。
解决方案2
0 2013-08-02 11:20:06
You should set your field as PASSWORD in MySQL instead. 您应该在MySQL中将字段设置为PASSWORD。 Like that the password will be hashed in MD5 whenever you save your password in the db. 这样,只要将密码保存在数据库中,密码就会在MD5中散列。 To make a comparison when a user logs in, you just hash your user given password to MD5 and do a string compare on the password which is stored in the DB. 为了在用户登录时进行比较,您只需将给定密码的用户哈希到MD5,然后对存储在数据库中的密码进行字符串比较。
解决方案3
0 已采纳 2013-08-02 11:31:34
Having the database field be configured as a binary string is maybe not ideal, but not a problem either. 将数据库字段配置为二进制字符串可能并不理想,但这也不是问题。
The problem is however, that you intend to store the password in there directly. 但是问题是 ,您打算直接在其中存储密码。 Please do not do this , as it will create a major security flaw. 请不要这样做 ,因为它会造成重大的安全漏洞。
Hashing it as suggested in another answer is better, but still not really good. 按照另一个答案中的建议进行哈希处理会更好,但仍然不是很好。 The problem with that is, that there are so-called rainbow tables which can be used reverse-lookup hashes to their original value. 这样做的问题是,存在所谓的彩虹表,该彩虹表可用于反向查找哈希值以恢复其原始值。
The minimum you need to do is use a salted hash ( https://en.wikipedia.org/wiki/Salt_(cryptography) ) or even better, use something like bcrypt or PBKDF2 (see Password Verification with PBKDF2 in Java ) to create a secure hash of the user provided password. 您需要做的最少工作是使用加盐哈希( https://en.wikipedia.org/wiki/Salt_(cryptography) )甚至更好,使用bcrypt或PBKDF2之类的东西(请参阅Java中使用PBKDF2进行密码验证 )来创建用户提供的密码的安全哈希。 These hashes will have fixed lengths and can easily be stored as a binary string in your given database field. 这些哈希具有固定的长度,可以很容易地以二进制字符串的形式存储在给定的数据库字段中。
When checking the user entry, just perform the same function again and compare that with the database content. 检查用户条目时,只需再次执行相同的功能,然后将其与数据库内容进行比较即可。 Of course, you must use SSL to transfer the password from client to server. 当然,您必须使用SSL将密码从客户端传输到服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.