Tuesday, December 30, 2014

Look into that determined glance. A being, determined to survive and to do anything to survive.

The lion is not trying to be a lion, the majestic king of nature, the ultimate predator that it is. It simply is. It is his nature, and there is no other way that he can be.

To be a warrior.

There are no choices - to be the strongest predator, or not. He is, or he is not a lion. Or he is not alive. The only struggle that forces you to become something better - the struggle to survive.

Thursday, December 25, 2014

A simpler way to encode passwords with grails

Hi! I've discovered that a password can be encrypted much more easily, and without any additional plugins! The encryption will probably not be as strong as with the jasypt plugin, but it is much easier to implement.

The authentication method:

// Base64-encode the submitted password and look the user up by login and encoded value
def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = User.findByLoginAndPassword(params.login, encryptedPassword)

The register method:

// Base64-encode the submitted password and persist it with the new user
def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = new User(login:params.login, password:encryptedPassword)
user.save()

All this does is transform the password the moment it is entered: the register action persists the new user with the Base64 string, and the login action Base64-encodes the entered password and compares it to the string persisted in your DB.


Update: this is encoding, not encrypting:
Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed.
Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation.

There are probably some uses for this, but certainly not for security.

Thursday, December 11, 2014

grails jasypt field encryption - encrypt database entries

Hi! One cool plugin I came across recently is the jasypt-encryption plugin. With it you can easily add automatic encryption and decryption of fields in your database. This protects the data in your database, but not in your application: inside the app the data is unencrypted; it is encrypted only in the DB.

First of all, check this repository for a wiki and some code examples: https://github.com/dtanner/grails-jasypt

Installation is very easy:

1) In BuildConfig.groovy (for hibernate4 you need jasypt 1.3.1, for hibernate 3 you need jasypt 1.2.1):

plugins {
    compile ":jasypt-encryption:1.3.1"
    runtime ":hibernate4:4.3.5.5"
}



2) In Config.groovy:

jasypt {
    algorithm = "PBEWITHSHA256AND256BITAES-CBC-BC"   // password-based AES-256-CBC via the Bouncy Castle provider
    providerName = "BC"
    password = "test"                                // secret the field-encryption key is derived from
    keyObtentionIterations = 1000                    // iterations used when deriving the key from the password
}

3) In the domain class whose field you want encrypted, add the import and the mapping:

import com.bloomhealthco.jasypt.GormEncryptedStringType

String password

static mapping = {
    password type: GormEncryptedStringType   // this column is encrypted on save and decrypted on load
}

Now when the user is persisted, the password field is automatically encrypted, and it is decrypted again when the user is fetched from the DB.

So this is a way to add some security to your database. But if what you need is to protect passwords, you are better off not using jasypt and using the spring security plugin instead.

Jasypt encrypts data before persisting it, and when you fetch data from the DB it is automatically decrypted. So, for example, in an authentication routine you would be comparing unencrypted passwords, and the password fetched from the DB exists in an unencrypted state inside your application.

With the spring security plugin, by contrast, the transformation is one-way: the password is encrypted one-way (hashed) and persisted, and when the user logs in the submitted password is transformed the same way and the resulting string is compared to the one persisted earlier.
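The three storage strategies discussed in the two posts above (Base64 encoding, reversible jasypt-style field encryption, and one-way password hashing) side by side, as an added Groovy script that is not part of either post and not the jasypt plugin's or Spring Security's own code. It uses only the JDK's javax.crypto classes; the helper names encryptField, decryptField, hashPassword and verifyPassword, the salt||iv||ciphertext storage layout, and the iteration counts are my own choices and do not reproduce jasypt's exact construction, and 'test' and 'hunter2' are constructed sample values.

```groovy
import javax.crypto.Cipher
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.PBEKeySpec
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

// 1. Encoding, as in the "simpler way" post: no key is involved, so the stored
//    value hands the plaintext straight back to anyone who can read the column.
String encoded = 'hunter2'.bytes.encodeBase64().toString()
assert new String(encoded.decodeBase64(), 'UTF-8') == 'hunter2'

// Shared key-derivation helper: PBKDF2 with a per-record salt and an iteration
// count. This is the role jasypt's keyObtentionIterations plays; jasypt's own
// KDF details are not reproduced here (assumption: the principle is what matters).
byte[] deriveKey(String secret, byte[] salt, int iterations, int bits) {
    def spec = new PBEKeySpec(secret.toCharArray(), salt, iterations, bits)
    SecretKeyFactory.getInstance('PBKDF2WithHmacSHA256').generateSecret(spec).encoded
}

byte[] randomBytes(int n) {
    byte[] b = new byte[n]
    new SecureRandom().nextBytes(b)
    b
}

// 2. Reversible field encryption, as the jasypt post configures: AES-256-CBC under
//    a key derived from the application-wide jasypt password. The stored string is
//    Base64(salt || iv || ciphertext) so it fits in a String column (my layout).
String encryptField(String plaintext, String appPassword, int iterations = 1000) {
    byte[] salt = randomBytes(16)
    byte[] iv = randomBytes(16)
    def cipher = Cipher.getInstance('AES/CBC/PKCS5Padding')
    cipher.init(Cipher.ENCRYPT_MODE,
                new SecretKeySpec(deriveKey(appPassword, salt, iterations, 256), 'AES'),
                new IvParameterSpec(iv))
    byte[] ct = cipher.doFinal(plaintext.getBytes('UTF-8'))
    def out = new ByteArrayOutputStream()
    out.write(salt); out.write(iv); out.write(ct)
    out.toByteArray().encodeBase64().toString()
}

String decryptField(String stored, String appPassword, int iterations = 1000) {
    byte[] blob = stored.decodeBase64()
    byte[] salt = Arrays.copyOfRange(blob, 0, 16)
    byte[] iv = Arrays.copyOfRange(blob, 16, 32)
    byte[] ct = Arrays.copyOfRange(blob, 32, blob.length)
    def cipher = Cipher.getInstance('AES/CBC/PKCS5Padding')
    cipher.init(Cipher.DECRYPT_MODE,
                new SecretKeySpec(deriveKey(appPassword, salt, iterations, 256), 'AES'),
                new IvParameterSpec(iv))
    new String(cipher.doFinal(ct), 'UTF-8')   // the plaintext is back in the application
}

// 3. One-way password storage, the approach the post credits to spring security:
//    a PBKDF2 hash with a per-user salt. Verification re-derives the hash from the
//    submitted password and compares in constant time; nothing can decrypt it.
String hashPassword(String password, int iterations = 100000) {
    byte[] salt = randomBytes(16)
    byte[] hash = deriveKey(password, salt, iterations, 256)
    "${iterations}:${salt.encodeBase64()}:${hash.encodeBase64()}"
}

boolean verifyPassword(String candidate, String stored) {
    def (iters, saltB64, hashB64) = stored.tokenize(':')
    byte[] expected = hashB64.decodeBase64()
    byte[] actual = deriveKey(candidate, saltB64.decodeBase64(), iters.toInteger(), 256)
    MessageDigest.isEqual(expected, actual)   // constant-time comparison
}

// Constructed demo values. 'test' stands in for the jasypt { password } setting.
String appSecret = 'test'
String storedEmail = encryptField('alice@example.com', appSecret)
assert decryptField(storedEmail, appSecret) == 'alice@example.com'   // reversible: fine for ordinary fields

String record = hashPassword('hunter2')
assert verifyPassword('hunter2', record)
assert !verifyPassword('hunter3', record)
// There is no decryptPassword(): the DB record cannot give the password back.
// In a Grails controller this replaces User.findByLoginAndPassword(login, encoded):
//   def user = User.findByLogin(params.login)
//   boolean ok = user && verifyPassword(params.password, user.password)
println 'all checks passed'
```

The script runs as-is with `groovy` on a JDK that ships PBKDF2WithHmacSHA256 and AES-256 (any current JDK; assumption: no external provider is needed, unlike the "-BC" algorithm name in the jasypt configuration above). The practical difference between sections 2 and 3 is the one the post draws: encryptField needs the application secret and gives the plaintext back, which is what you want for a field the app must read, while verifyPassword only ever answers yes or no, which is all a login needs.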