cpopham Posted April 25, 2005 Posted April 25, 2005 I have seen a method of encrypting a password into a byte array and then converting this to a string and storing it in a database. When the passwords are compared, the password that is typed in is sent through this same process and then compared at the database level to the encrypted password. This method also uses the "salt" method. Now I have taken a different route and encrypted my passwords, but instead of converting them back to an encrypted text string, I leave them as byte arrays and store them in the database this way. When the user enters a password, I send it though this same method and compare it to the byte array. What is the purpose of converting the encrypted password from a byte array into a string? Are there any advantages / disadvantages to this method? Are there any advantages/ disadvantages to leaving it as a byte array? Thanks, Chester Quote ____________________________________________ http://www.pophamcafe.com I am starting a developers section, more tutorials than anything.
HJB417 Posted April 26, 2005 Posted April 26, 2005 Well, I think the reason why people use string is, if you're not using parameters, it's generally impossible to put an array of bytes in an adhoc string. Think of the case where one is accessing the database using a command line client. Other than that, I think you should be fine, a string is a byte array, it's just interpreted differently so one must consider how the column is being accessed. Is it more likely to be used in a where clause or returned in a result set. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.