// Before returning, we pretend to evaluate the password.
// This helps prevent blackhats from discovering legal usernames
// by measuring how long password evaluation takes. For more context,
// see the 2012-02-22 comment on DERBY-5539.
//
PasswordHasher hasher = dd.makePasswordHasher( getDatabaseProperties() );
hasher.hashPasswordIntoString( userName, userPassword ).toCharArray();
return false;
}