1 Reply Latest reply: Jan 23, 2009 6:06 PM by 3004 RSS

    Decode MySQL using Java

    843785
      Hey guys,

      I have been having problems trying to figure out how to decode MySQL passwords that i have setup on my table using Java so that when a user enters a password on the java application it will decode that password check if it is correctly used and then let them log in. Currently i am using NetBeans and my current checker for password and user name is

      String sql = "SELECT * from user where userName LIKE '" + userName + "' and userPass LIKE '" + userPass + "'";

      as you can see it has nothing to do with decoding.

      I also know that to be able to decode on mysql it has to be done like this.

      SELECT DECODE([table_column], 'encoded password') from [table name];

      so for example here is where my current passwords are

      SELECT DECODE(userPass, 'cross') from user;

      also to make this a little easier so that it depicts the actual user

      SELECT DECODE(userPass, 'cross') from user where userName = 'ian';

      If anyone has any ideas that would be great. I also tried searching the forums and a lot of google but each time i find something it has to do with php or just encrypting anything on actual java.
        • 1. Re: Decode MySQL using Java
          3004
          You don't decode passwords. You encode what the user provides when trying to log in and see if it matches the encoded value stored in the DB.

          Also, use PreparedStatement. It saves you a lot of escaping/formatting work and prevents [SQL Injection|http://en.wikipedia.org/wiki/Sql_injection].
          ps = con.prepareStatement("select * from foo where name = ? and birthdate = ?");
          ps.setStrng(1, name);
          ps.setDate(2, birthDate);
          rs = ps.executeQuery();