Thursday, December 25, 2014

A simpler way to encode passwords with grails

Hi! I've discovered that a password can be encrypted much more easily, and without any additional plugins! The encryption will probably not be as strong as with the jasypt plugin, but it is much easier to implement.

The authentication method:

// Base64-encode the submitted password and look the user up by login and encoded string
def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = User.findByLoginAndPassword(params.login, encryptedPassword)

The register method:

// Persist the new user with the Base64-encoded string as the stored password
def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = new User(login:params.login, password:encryptedPassword)
user.save()

All this encrypts the password as soon as you enter it: the register method persists the new user with the encrypted string in the DB, and the login method encrypts the entered password and compares it to the persisted string in your DB.


Update: this is encoding, not encrypting:
Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed.
Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation.

Probably there are some uses for this stuff, but certainly not for security.
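The update above separates encoding from encryption; for stored passwords a practitioner wants a third thing, a salted one-way hash, because a login check only has to confirm a password, never recover it. The Python below is an added example, not the post's Grails code and not a Grails or Groovy API: it mirrors the post's Base64 scheme to show it is reversible, then runs the same register/login flow with a salted PBKDF2-HMAC-SHA256 hash from the standard library. The function names, the `pbkdf2_sha256$iterations$salt$hash` record format, the iteration count and the sample credentials are all constructed for this demonstration.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed sample credentials for the demonstration only (not real data).
SAMPLE_LOGIN = "alice"
SAMPLE_PASSWORD = "correct horse battery staple"


def encode_like_the_post(password: str) -> str:
    """The post's scheme: Base64 of the password bytes (what Groovy's encodeBase64() does)."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def decode_like_the_post(stored: str) -> str:
    """Base64 is reversible: whoever reads the stored value gets the password back."""
    return base64.b64decode(stored).decode("utf-8")


# Assumed parameters for the hashed alternative; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iterations$salt$hash'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        ALGORITHM,
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return False  # unknown algorithm or malformed record
    _, iterations, salt_b64, digest_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


# In-memory stand-in for the User table: login -> stored password record.
UserTable = Dict[str, str]


def register(users: UserTable, login: str, password: str) -> None:
    """Register action: persist only the salted hash, never the password itself."""
    users[login] = hash_password(password)


def authenticate(users: UserTable, login: str, password: str) -> bool:
    """Login action: look up by login, then verify.

    A findByLoginAndPassword-style query is no longer possible, because two users
    with the same password have different stored records (different salts).
    """
    record = users.get(login)
    if record is None:
        # Do a dummy verification so an unknown login costs as much as a wrong password.
        verify_password(password, hash_password("dummy"))
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    stored = encode_like_the_post(SAMPLE_PASSWORD)
    print("post's scheme stores:", stored)
    print("recovered by anyone who reads the DB:", decode_like_the_post(stored))

    users: UserTable = {}
    register(users, SAMPLE_LOGIN, SAMPLE_PASSWORD)
    print("hashed scheme stores:", users[SAMPLE_LOGIN])
    print("login ok:", authenticate(users, SAMPLE_LOGIN, SAMPLE_PASSWORD))
    print("wrong password:", authenticate(users, SAMPLE_LOGIN, "letmein"))
```

The structural change to notice is in `authenticate`: with a per-user salt the application fetches the row by login and then verifies, instead of querying by login and stored string as the post's `findByLoginAndPassword` does. In a real Grails application the Spring Security Core plugin already wires a password encoder into exactly this flow, so there is no need to hand-roll it.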

2 comments:

Actually, that's not encrypting the password at all. That's encoding it. Base64 encoding it. This isn't a good practice at all since it's not any type of encryption and anyone who gets a copy of the encoded password can very easily decode it in a matter of milliseconds (through code or using an online decoder).

Reply: Oops! Thanks for pointing this out. Well then implementing this probably makes no sense at all.