I'm building a program which connects to a MySQL server. The program saves the server passwords in SHA format. There's one class responsible for converting and checking the passwords, and another one for DB connection. Now, when the user starts the program, (s)he types in the username and password. The login checker converts the password to SHA and checks if it matches the earlier string. If it does (and the username is ok, of course), then the DB class will make the connection.
The problem here is, how should I deliver the password from the login checker to the DB connection? making a public method like getPassword() seems quite icky. I was thinking of using getEncryptedPwd() method which would return the SHA string of the password, but I can't find a way to use that to connect to the server.
At the moment, my connection is done like this:
String url = "jdbc:mysql://host:port/dbname?user=username&password=pwd"; Connection con = DriverManager.getConnection(url);
So, is there a way to use the SHA string in the connection? If there isn't, what would be the most secure way to get the username and password from one class to another?
Thanks and cheers! :)