I am having problems understand something related to AES_DECRYPT. I made a test database in SQL and table tblKorisnici in it. Field I am having problem with is sifra in which is stored data using AES_ENCRYPT via MySQL.
我在理解与AES_DECRYPT相关的问题时遇到了问题。我在SQL中创建了一个测试数据库,并在其中创建了表tblKorisnici。字段我遇到的问题是sifra,其中使用AES_ENCRYPT通过MySQL存储数据。
Problem is: I want Application to check korisnik and sifra, if both match lblInfo should display text was login data entered correct, is there a user with given korisnik and sifra in table.
问题是:我希望Application检查korisnik和sifra,如果两者匹配lblInfo应该显示文本登录数据输入正确,是否有用户给定korisnik和sifra在表中。
private void btnPotvrdiActionPerformed(java.awt.event.ActionEvent evt) {
String sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija FROM tblKorisnici WHERE korisnik = ? AND sifra = ?";
try {
konekcija = DriverManager.getConnection("jdbc:mysql://localhost/lpa", "root", "");
pst = konekcija.prepareStatement(sql);
pst.setString(1, txtKorisnik.getText());
pst.setString(2, pasSifra.getText());
rs = pst.executeQuery();
if (rs.next()) {
lblInfo.setText("Login success");
}
else {
lblInfo.setText("Wrong");
}
}
catch (SQLException | HeadlessException ex){
JOptionPane.showMessageDialog(null, ex);
}
}
But, somehow, I can't make it work. korisnik, sifra, ime, prezime and pozicija are fields in table, only sifra is encrypted using AES_ENCRYPT and "sometext" as encryption key.
但是,不知何故,我无法使其发挥作用。 korisnik,sifra,ime,prezime和pozicija是表中的字段,只有sifra使用AES_ENCRYPT和“sometext”作为加密密钥加密。
I don't get any errors, just not working as intended. Probably something with sifra decryption because when I try sifra field with no encryption with data everything works.
我没有得到任何错误,只是没有按预期工作。可能是sifra解密的东西,因为当我尝试没有数据加密的sifra字段时,一切正常。
1 个解决方案
#1
1
The problem is in your WHERE clause. You are trying to compare the encrypted value of sifra to the unencrypted value of pasSifra. You need to either encrypt pasSifra (preferred) or decrypt sifra in the where clause.
问题出在WHERE子句中。您正在尝试将sifra的加密值与pasSifra的未加密值进行比较。您需要在where子句中加密pasSifra(首选)或解密sifra。
Try changing your query to this:
尝试将您的查询更改为:
sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija
FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
I'd also recommend against returning the unencrypted version of sifra as this appears to be an authentication check. If all you need is to determine if a matching record exists you could pare your query down to this:
我还建议不要返回未加密的sifra版本,因为这似乎是一个身份验证检查。如果你需要的只是确定是否存在匹配的记录,你可以将你的查询削减到这个:
sql = "SELECT 1 FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
#1
1
The problem is in your WHERE clause. You are trying to compare the encrypted value of sifra to the unencrypted value of pasSifra. You need to either encrypt pasSifra (preferred) or decrypt sifra in the where clause.
问题出在WHERE子句中。您正在尝试将sifra的加密值与pasSifra的未加密值进行比较。您需要在where子句中加密pasSifra(首选)或解密sifra。
Try changing your query to this:
尝试将您的查询更改为:
sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija
FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
I'd also recommend against returning the unencrypted version of sifra as this appears to be an authentication check. If all you need is to determine if a matching record exists you could pare your query down to this:
我还建议不要返回未加密的sifra版本,因为这似乎是一个身份验证检查。如果你需要的只是确定是否存在匹配的记录,你可以将你的查询削减到这个:
sql = "SELECT 1 FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"