I’m trying to simply store an base64 encripted password in database from an input in Java Web App.
I’m using hsqldb for this and my password column type is varbinary(255). But when I try to store it in database I just get the error below. I even tried to change the type of the password column to BLOB or varchar, but it still gives me the same error. Please help.
The error:
JavaScript
x
com.loginjava.exception.LoginException: Not possible to update the password at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:36) at com.loginjava.servlets.ForgotPasswordReset.doPost(ForgotPasswordReset.java:55) at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:830)Caused by: java.sql.SQLDataException: data exception: invalid character value for cast at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) at org.hsqldb.jdbc.JDBCUtil.sqlException(Unknown Source) at org.hsqldb.jdbc.JDBCPreparedStatement.setParameter(Unknown Source) at org.hsqldb.jdbc.JDBCPreparedStatement.setString(Unknown Source) at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616) at org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement.setString(DelegatingPreparedStatement.java:616) at com.loginjava.classes.PasswordHandler.UpdatePassword(PasswordHandler.java:26) 25 moreCaused by: org.hsqldb.HsqlException: data exception: invalid character value for cast at org.hsqldb.error.Error.error(Unknown Source) at org.hsqldb.error.Error.error(Unknown Source) at org.hsqldb.Scanner.convertToBinary(Unknown Source) at org.hsqldb.types.BinaryType.castOrConvertToType(Unknown Source) at org.hsqldb.types.BinaryType.convertToDefaultType(Unknown Source) 30 more Here’s my Servlet:
JavaScript
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String password = request.getParameter("password"); String token = request.getParameter("token"); if(PasswordHandler.CheckRequirements(password)) { String encryptedpwd = Base64.getEncoder().encodeToString(password.getBytes()); try { PasswordHandler.UpdatePassword(encryptedpwd, token); } catch (SQLException e) { e.printStackTrace(); } String message = Constants.PWD_SUCCESS; request.setAttribute("message", message); request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response); } else { String message = Constants.PWD_FAIL; request.setAttribute("message", message); request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response); } } This is the PasswordHandler.java class:
JavaScript
public static void UpdatePassword(String encryptedpwd, String token) throws SQLException { try { PreparedStatement ps = con.prepareStatement( "UPDATE user SET password = ? WHERE token = ?"); ps.setString(1,encryptedpwd); ps.setString(2,token); ps.executeUpdate(); ps.close(); } catch (Exception e) { throw new LoginException("Not possible to update the password", e); } }Advertisement
Answer
You have defined your password column as varbinary(255). Any character string inserted into this type of column must be in hexadecimal format, for example, cd349956e2. You can use an encoder to convert the password into a binary array, then convert the binary into hexadecimal before insert.
Or you can define the column as varchar(255) to insert the password as a base64 string.
In any case, passwords are not usually stored in database directly, but as a secure hash. For example a SHA-256 hash.