[Opensource] password decryption

Lirian Ostrovica lirian.ostrovica at senecac.on.ca
Wed Oct 16 06:05:33 PDT 2002


Mike,

The problem, I think, is that the cookie's encrypted password is only available when
the client chooses to have the password remembered.
What I'm trying to do is a kind of Single Sign-On that should always work.

If there is no other way of getting the password back, I would try
modifying/adding some code.
For example I might try storing the password in the session.
Do you have any better idea?

Lirian



Michael Rimov wrote:

> At 11:29 AM 10/15/2002 -0400, you wrote:
> >Hi,
> >I wanted to have back the original user's password, from the encrypted
> >one ( that I get when I call:  currentUser.getPassword() )
> >Can someone save me some time, by sending the few (I guess) lines of
> >code needed for that.
> >With a quick effort I wrote the following but it did not work.
>
> Actually, the password is hashed, not encrypted; therefore, you cannot
> actually "Get" the password from the database.  The only time the password
> is encrypted is through the User's password cookie.  So you could call
> getSession().getClientAttribute("password"); and that might help.
>
> If you're confused about the difference, take a search with Google on
> "Cryptographic Hashing".
>
> HTH!
>                                          -Mike
>
> _______________________________________________
> Opensource mailing list
> Opensource at jcorporate.com
> http://mail.jcorporate.com/mailman/listinfo/opensource
> Archives: http://mail.jcorporate.com/pipermail/opensource/
