Password Validation

Foren

Wessel Oosthuizen, geändert vor 11 Jahren.

Password Validation

Junior Member Beiträge: 25 Beitrittsdatum: 09.08.12 Neueste Beiträge

Hello,

Is it possible to validate a users password within a query (stored procedure) in a MySQL database?

I have an external mobile application we are integrating into Liferay, but need to validate the users logging in with their Liferay credentials.

I know the passwords are SHA1 encrypted (by default), and cannot be decrypted, but does anybody know which method I can use in MySQL to encrypt the cleartext password the same as Liferay, and then compare it against the Liferay password?

Thanks

Wessel Oosthuizen

Mika Koivisto, geändert vor 11 Jahren.

RE: Password Validation

Liferay Legend Beiträge: 1519 Beitrittsdatum: 07.08.06 Neueste Beiträge

The default is sha1 hash of the password which is base64 encoded. Only starting from MySQL 5.6.1 does it have BASE64 encode function. See https://dev.mysql.com/doc/refman/5.6/en/string-functions.html#function_to-base64

Wessel Oosthuizen, geändert vor 11 Jahren.

RE: Password Validation

Junior Member Beiträge: 25 Beitrittsdatum: 09.08.12 Neueste Beiträge

Thanks Mika,

Actually I am aware of that function in MySQL and have installed that version and tried it. Unfortunately it is not working.

I do the following in the query:

select TO_BASE64(SHA1('pwd'));

It does not give me the same string that is stored as the liferay password.

Any ideas?

Thanks

Mika Koivisto, geändert vor 11 Jahren.

RE: Password Validation

Liferay Legend Beiträge: 1519 Beitrittsdatum: 07.08.06 Neueste Beiträge

I think MySQL SHA1 might already return the text hex encoded where as Liferay does BASE64 encoding the the digest instead of hex encoding.

Wessel Oosthuizen, geändert vor 11 Jahren.

RE: Password Validation

Junior Member Beiträge: 25 Beitrittsdatum: 09.08.12 Neueste Beiträge

Thanks Mika, you were right, the following does the trick:

select TO_BASE64(UNHEX(SHA1('pwd')));