def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = User.findByLoginAndPassword(params.login, encryptedPassword)
def encryptedPassword = params.password.bytes.encodeBase64().toString()
def user = new User(login:params.login, password:encryptedPassword)
user.save()
Update: this is encoding, not encrypting:
Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed.Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation.
Probably there are some uses for this stuff, but certainly not for security.
Actually, that's not encrypting the password at all. That's encoding it. Base64 encoding it. This isn't a good practice at all since it's not any type of encryption and anyone who gets a copy of the encoded password can very easily decode it in a matter of milliseconds (through code or using online decoder).
ReplyDeleteOops! Thanks for pointing this out. Well then implementing this probably makes no sense at all.
Delete