Foren

Home » Liferay Portal » English » 3. Development

Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
Wessel Oosthuizen
Password Validation
2. April 2013 10:11
Antwort

Wessel Oosthuizen

Rang: Junior Member

Nachrichten: 25

Eintrittsdatum: 9. August 2012

Neue Beiträge

Hello,

Is it possible to validate a users password within a query (stored procedure) in a MySQL database?

I have an external mobile application we are integrating into Liferay, but need to validate the users logging in with their Liferay credentials.

I know the passwords are SHA1 encrypted (by default), and cannot be decrypted, but does anybody know which method I can use in MySQL to encrypt the cleartext password the same as Liferay, and then compare it against the Liferay password?

Thanks

Wessel Oosthuizen
Mika Koivisto
RE: Password Validation
2. April 2013 14:46
Antwort

Mika Koivisto

LIFERAY STAFF

Rang: Liferay Legend

Nachrichten: 1501

Eintrittsdatum: 7. August 2006

Neue Beiträge

The default is sha1 hash of the password which is base64 encoded. Only starting from MySQL 5.6.1 does it have BASE64 encode function. See https://dev.mysql.com/doc/refman/5.6/en/string-functions.html#function_to-base64
Wessel Oosthuizen
RE: Password Validation
2. April 2013 15:07
Antwort

Wessel Oosthuizen

Rang: Junior Member

Nachrichten: 25

Eintrittsdatum: 9. August 2012

Neue Beiträge

Thanks Mika,

Actually I am aware of that function in MySQL and have installed that version and tried it. Unfortunately it is not working.

I do the following in the query:

select TO_BASE64(SHA1('pwd'));

It does not give me the same string that is stored as the liferay password.

Any ideas?

Thanks
Mika Koivisto
RE: Password Validation
2. April 2013 17:17
Antwort

Mika Koivisto

LIFERAY STAFF

Rang: Liferay Legend

Nachrichten: 1501

Eintrittsdatum: 7. August 2006

Neue Beiträge

I think MySQL SHA1 might already return the text hex encoded where as Liferay does BASE64 encoding the the digest instead of hex encoding.
Wessel Oosthuizen
RE: Password Validation
3. April 2013 06:06
Antwort

Wessel Oosthuizen

Rang: Junior Member

Nachrichten: 25

Eintrittsdatum: 9. August 2012

Neue Beiträge

Thanks Mika, you were right, the following does the trick:

select TO_BASE64(UNHEX(SHA1('pwd')));