I apologize if this message appears in duplicate. The original was posted before the I received notice that an additional confirmation message would be needed to get onto the list.

 

I recently migrated an application from Oracle to Postgresql 7.1. The
migration was fairly painless with one exception:

User's passwords are hashed using SHA, then stored in the database. Ie.
    // Get the hash of the password
    MessageDigest md=null;
    try {
      md = MessageDigest.getInstance("sha");
    }
    catch (NoSuchAlgorithmException e) {
      System.out.println("Error: sha encryption unavailable.");
    }
    String hashedPass = new
String(md.digest(request.getParameter("pass").getBytes()));

This string contains several characters that are outside the normal ASCII
range. The string could be stored and retrieved using Oracle and MySQL, but
in Postgres any unusual characters become '?'. This corrupts the hash and
prevents users from logging on.

So far, the following have been tried:
- Password stored using PreparedStatement setString() call. Retrieved using
ResultSet.getString(). Verified hash corruption in the database.
- Password field datatype changed from varchar to bytea. Oddly enough,
PreparedStatement.setBytes() can not be used against this datatype. Resorted
to using .setString(). Hash was still corrupted at the database level.

Any insight into how to accomplish this task would be greatly appreciated.

Jerry