<html><DIV>I apologize if this message appears in duplicate. The original was posted before the I received notice that an additional confirmation message would be needed to get onto the list.</DIV>
<DIV> </DIV>
<DIV>I recently migrated an application from Oracle to Postgresql 7.1. The<BR>migration was fairly painless with one exception:<BR><BR>User's passwords are hashed using SHA, then stored in the database. Ie.<BR> // Get the hash of the password<BR> MessageDigest md=null;<BR> try {<BR> md = MessageDigest.getInstance("sha");<BR> }<BR> catch (NoSuchAlgorithmException e) {<BR> System.out.println("Error: sha encryption unavailable.");<BR> }<BR> String hashedPass = new<BR>String(md.digest(request.getParameter("pass").getBytes()));<BR><BR>This string contains several characters that are outside the normal ASCII<BR>range. The string could be stored and retrieved using Oracle and MySQL, but<BR>in Postgres any unusual characters become '?'. This corrupts the hash and<BR>prevents users from logging on.<BR><BR>So far, the following have been tried:<BR>- Password stored using PreparedStatement setString() call. Retrieved using<BR>ResultSet.getString(). Verified hash corruption in the database.<BR>- Password field datatype changed from varchar to bytea. Oddly enough,<BR>PreparedStatement.setBytes() can not be used against this datatype. Resorted<BR>to using .setString(). Hash was still corrupted at the database level.<BR><BR>Any insight into how to accomplish this task would be greatly appreciated.<BR><BR>Jerry<BR></DIV><br clear=all><hr>Get Your Private, Free E-mail from MSN Hotmail at <a href="http://www.hotmail.com">http://www.hotmail.com</a>.<br></p></html>