Similar question: What kind of Java type is "[B"?
MySQL's AES_DECRYPT does not return a String but rather an array of bytes, denoted by "[B". Cast the result to byte[] and build your string from that.
It looks like you don't even need to decrypt the password; you just want to validateUser, right? In that case, as others have noted, secure hashes should be used.
You can easily do this with MySQL, as it already provides the necessary functions: MD5 (considered insecure), SHA1 (pretty much standard), and SHA2 (even more secure than SHA1).
So your scheme basically may look like:
insert into loginDetails (..., passwordHashSalt, passwordHash) values ( ..., ?1, SHA1(CONCAT( ?1, ?2 )) )
where ?1 is set to the unique 'salt', which may be, for example, the user name itself, and ?2 is the actual password. Note that the salt must be stored in the DB too and 'must' be unique for every user/password; thus, the user name is a natural choice for that.
Then, to verify a given password you can do:
select 'OK' from loginDetails where ... and passwordHash = SHA1(CONCAT( passwordHashSalt, ?1 ))
where ?1 is the password which is to be verified.
For more information search the internet for 'password hashing', see for example here or here.
Those hashing operations may also be done in your database client code instead, if desired.
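The client-side variant mentioned in the last sentence, as an added Java example that is not part of the original answer: it computes the two values for the passwordHashSalt and passwordHash columns in application code and verifies a candidate password against them. It swaps the single SHA1(CONCAT(...)) call for PBKDF2 with HMAC-SHA256 and uses a random salt instead of the user name; the class name, constants and sample passwords are assumptions made for the example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashExample {
    // Assumed parameters for this example; tune the iteration count to your hardware.
    static final int ITERATIONS = 210_000;
    static final int SALT_BYTES = 16;
    static final int HASH_BITS = 256;

    /** Returns a fresh random salt, to be stored in the passwordHashSalt column. */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Derives the value for the passwordHash column from salt and password. */
    static byte[] hash(byte[] salt, char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    /** Recomputes the hash with the stored salt and compares in constant time. */
    static boolean verify(byte[] storedSalt, byte[] storedHash, char[] candidate) throws Exception {
        return MessageDigest.isEqual(storedHash, hash(storedSalt, candidate));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; in the application the password comes from the
        // login form and salt/hash from the loginDetails row selected by user name.
        byte[] salt = newSalt();
        byte[] stored = hash(salt, "correct horse".toCharArray());
        System.out.println("salt  = " + Base64.getEncoder().encodeToString(salt));
        System.out.println("hash  = " + Base64.getEncoder().encodeToString(stored));
        System.out.println("right = " + verify(salt, stored, "correct horse".toCharArray()));
        System.out.println("wrong = " + verify(salt, stored, "wrong guess".toCharArray()));
    }
}
```

With this variant both columns hold raw bytes (for example VARBINARY), and the comparison happens in Java rather than in the WHERE clause, so the row is selected by user name only.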