All I wanted to do was SHA1 some passwords + salts in Oracle and then compare them when a user logs in. Is it really this difficult to do this comparison?
select USERNAME, USERPASSWORD, SALT
from USERS
where USERNAME = :U_NAME
and upper(PASS_HASH) in (select to_char(to_clob(dbms_crypto.hash(utl_raw.cast_to_raw(concat(:U_PASS, to_clob(SALT))), 3))) from dual)
and ACTIVE = 1
That works but how messed up is that?
For comparison in MySQL I believe it would be:
select USERNAME, USERPASSWORD, SALT
from USERS
where USERNAME = :U_NAME
and PASS_HASH = sha1(concat(:U_PASS, SALT))
and ACTIVE = 1
Am I just going about this the hard way?