Hope everyone's doing just fine :)
I am working on a portal involving payment gateways and SSL implementation for payments. We are registering first-time comers with basic membership levels. During the registration process the password is stored as it is in the MySQL database server. We felt the need for encrypting or (encoding/decoding) the password column for more security.
There are some cool functions available with MySQL, but using database-specific functions will lock our flexibility to port the database to other SQL servers, if ever in the future. So I was wondering if there is any way I can use Java methods or classes, if available, to encrypt the password.
Suggestions if any will be appreciated.
Check out the JCE API at java.sun.com
Yes, the JCE is the place to look for this kind of thing.
Basically, the standard solution for the password storage
is to hash the password, run the bytestream through
Base64 to get a String, then write the result to MySQL.
To verify a password, run the potentially correct passwd
through the hash, Base64, and compare to stored value.
If it's equal, you are fine. If not, deny access.