Encrypted (base64) password not storing in database hsql

I'm trying to simply store a base64 encrypted password in the database from an input in a Java Web App.

I'm using hsqldb for this and my password column type is varbinary(255). But when I try to store it in the database I just get the error below. I even tried to change the type of the password column to BLOB or varchar, but it still gives me the same error. Please help.

The error:

com.loginjava.exception.LoginException: Not possible to update the password
    at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:36)
    at com.loginjava.servlets.ForgotPasswordReset.doPost(ForgotPasswordReset.java:55)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.sql.SQLDataException: data exception: invalid character value for cast
    at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
    at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source)
    at org.hsqldb.jdbc.JDBCPreparedStatement.setParameter(Unknown Source)
    at org.hsqldb.jdbc.JDBCPreparedStatement.setString(Unknown Source)
    at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
    at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616)
    at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:26)
    ... 25 more
Caused by: org.hsqldb.HsqlException: data exception: invalid character value for cast
    at org.hsqldb.error.Error.error(Unknown Source)
    at org.hsqldb.error.Error.error(Unknown Source)
    at org.hsqldb.Scanner.convertToBinary(Unknown Source)
    at org.hsqldb.types.BinaryType.castOrConvertToType(Unknown Source)
    at org.hsqldb.types.BinaryType.convertToDefaultType(Unknown Source)
    ... 30 more 

Here's my Servlet:

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        String password = request.getParameter("password");
        String token = request.getParameter("token");

        if (PasswordHandler.CheckRequirements(password)) {

            String encryptedpwd = Base64.getEncoder().encodeToString(password.getBytes());
            try {
                PasswordHandler.UpdatePassword(encryptedpwd, token);
            } catch (SQLException e) {
                e.printStackTrace();
            }

            String message = Constants.PWD_SUCCESS;
            request.setAttribute("message", message);
            request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);

        } else {

            String message = Constants.PWD_FAIL;
            request.setAttribute("message", message);
            request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
        }
    }

This is the PasswordHandler.java class:

    public static void UpdatePassword(String encryptedpwd, String token) throws SQLException {

        // try-with-resources closes the statement even when the update fails
        try (PreparedStatement ps = con.prepareStatement(
                "UPDATE user SET password = ? WHERE token = ?")) {

            ps.setString(1, encryptedpwd);
            ps.setString(2, token);

            ps.executeUpdate();

        } catch (Exception e) {
            throw new LoginException("Not possible to update the password", e);
        }
    }

You have defined your password column as varbinary(255). Any character string inserted into this type of column must be in hexadecimal format, for example, cd349956e2. You can use an encoder to convert the password into a binary array, then convert the binary into hexadecimal before insert.

Or you can define the column as varchar(255) to insert the password as a base64 string.

In any case, passwords are not usually stored in the database directly, but as a secure hash. For example, a SHA-256 hash.
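
Added example, not part of the original answers or the asker's code: it binds raw bytes with setBytes, which a VARBINARY column accepts without the character-to-binary cast that setString triggers, and it stores a salted PBKDF2 derivation instead of a reversible Base64 string. The app_user table, the salt column, the iteration count, the sample token and the in-memory HSQLDB URL are assumptions; the HSQLDB jar must be on the classpath.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class PasswordStoreDemo {
    static final int ITERATIONS = 600_000, HASH_BITS = 256; // assumed work factor; tune per host

    // Slow, salted derivation: Base64 is an encoding and is reversed by anyone who reads the row.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Binary columns get setBytes; setString makes HSQLDB parse the text as hexadecimal.
    static int updatePassword(Connection con, char[] password, String token) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        try (PreparedStatement ps = con.prepareStatement(
                "UPDATE app_user SET password = ?, salt = ? WHERE token = ?")) {
            ps.setBytes(1, derive(password, salt));
            ps.setBytes(2, salt);
            ps.setString(3, token);
            return ps.executeUpdate(); // rows changed; 0 means the token matched nothing
        }
    }

    // Recompute with the stored salt and compare with MessageDigest.isEqual, not Arrays.equals.
    static boolean verify(Connection con, char[] candidate, String token) throws Exception {
        try (PreparedStatement ps = con.prepareStatement(
                "SELECT password, salt FROM app_user WHERE token = ?")) {
            ps.setString(1, token);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && MessageDigest.isEqual(rs.getBytes(1), derive(candidate, rs.getBytes(2)));
            }
        }
    }

    // Constructed schema and sample values, held in an in-memory database.
    public static void main(String[] args) throws Exception {
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:demo", "SA", "");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE app_user (token VARCHAR(64), password VARBINARY(255), salt VARBINARY(16))");
            st.execute("INSERT INTO app_user (token) VALUES ('constructed-token')");
            System.out.println(updatePassword(con, "S3cret!pw".toCharArray(), "constructed-token"));
            System.out.println(verify(con, "S3cret!pw".toCharArray(), "constructed-token")
                    + " " + verify(con, "wrong".toCharArray(), "constructed-token"));
        }
    }
}
```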

Adding a possible solution here because my level does not allow me to comment.

In the line:

    PasswordHandler.UpdatePassword(encryptedpwd, token);

Verify the value and length of the variable encryptedpwd, and check whether your database accepts the value type (maybe null) and the length of the variable (maybe it is longer than allowed in the DB).
