CODEWITHSUNDEEP
javamysql
user2372925
user2372925

Reputation: 9

Java Prepared Statement ENCRYPT

Looks like I m missing something in this statement. Trying to Encrypt the password before that goes in DB. And, using following String. 

String Sql = "INSERT INTO virtual_users"
               +"(domain_id, password, email) VALUES"
               +"(?,ENCRYPT(?, CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),?)";

Is there anything wrong with above ENCRYPT?

Complete Code for reference. 

public void AddMail(MailUsers mAC) {

   String Sql = "INSERT INTO virtual_users"
           +"(domain_id, password, email) VALUES"
           +"(?,ENCRYPT(?, CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),?)";

   PreparedStatement ps = null;

   try {
       ps = DBUtils.getPreparedStatement(Sql);
       ps.setInt(1, mAC.getDomain_id());
       ps.setString(2, mAC.getPassword());
       ps.setString(3, mAC.getEmail());

       System.out.println(ps);

       ps.executeUpdate();

   } catch (ClassNotFoundException | SQLException ex) {
       Logger.getLogger(DataAccess.class.getName()).log(Level.SEVERE, null, ex);
       System.out.println(ps);
   } 
}

ERROR

com.mysql.jdbc.JDBC42PreparedStatement@1c9aab0a: INSERT INTO virtual_users(domain_id, password, email) VALUES(1,ENCRYPT('asdfasdf', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),'[email protected]') Severe: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Column 'password' cannot be nul

Upvotes: 1

Views: 642

Answers (1)

Jorge Campos
Jorge Campos

Reputation: 23361

The problem here is that you are calling a function ENCRYPT which uses a native *NIX cript() method to encrypt the data. If you are in a windows machine such native function doesn't exists, it is clearly stated in the docs:

If crypt() is not available on your system (as is the case with Windows), ENCRYPT() always returns NULL.

Therefore anything you pass into the ENCRYPT function will evaluate to NULL, therefore the error you mention in the comments:

Info: com.mysql.jdbc.JDBC42PreparedStatement@1c9aab0a: INSERT INTO virtual_users(domain_id, password, email) VALUES(1,ENCRYPT('asdfasdf', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),'[email protected]') Severe: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Column 'password' cannot be null

Since you have a Not Null constraint in the password field, the error is thrown.

Try using one of the other available encryption functions in MySQL and take special care with the recommendations in the Docs

Or set up a simple hash function such as MD5('yourpass') to your Dev environment. Or even ditch the MySql function and use a Java method to do so. Take a look at this thread: How do I generate a SALT in Java for Salted-Hash?

Upvotes: 2

Related Questions