I have a MySql database with a users table. In this table is a random token that is being used for security reasons. Until now, we have been adding users by manually adding rows; The token was created using MD5(Rand()).
I will now be adding users programmatically doing something like principal.setToken(whatever). What is the easiest way to replicate the SQL code I was using before? Should I be using MessageDigest and util.Random? Is there a way to say "YO! Run this as SQL code"?
Well, if you want to keep using the same routine, you could wrap it in an sql SELECT as follows:
SELECT MD5(Rand()) from SOMETABLE LIMIT 1;
Where SOMETABLE is some table in your system. I just tried this and it works in MySQL. You can then wrap this in a java method and return the hash value. This will let you move forward and retain the same token as before. (if you do this, i would also make sure SOMETABLE is not some heavily used mission critical table.)
On the other side, there should be nothing stopping you from using MessageDigest and Random. These links may help: here and here.
As an aside, I would probably not use random number on it's own as a token, unless the possibility of collisions over a large result set is not an issue for you: You could get the the same value multiple times from Rand/Random. I would probably base the MD5 hash on a combination of unique identifier and a random number. Using any combination of email, name, timestamp, process id, server id together with the random value might be enough to give you a better chance of uniqueness. Again, this depends on what chance of collisions your system can tolerate.
Hope this helps.