File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes if i store a password data from jsp to the database how to hide it from others seeing Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "if i store a password data from jsp to the database how to hide it from others seeing" Watch "if i store a password data from jsp to the database how to hide it from others seeing" New topic
Author

if i store a password data from jsp to the database how to hide it from others seeing

senthil sen
Ranch Hand

Joined: Oct 10, 2002
Posts: 184
if i store a password data from jsp to the database how to hide it from others seeing the password in the database?i.e viewing my table they should not be able to look at my password?
Should be encrypt or any method is there for this??
Well am sure u guys have understood this question?
This was asked to me in an interview?
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

If you need to store passwords in the databse and they are only required for authentication, then you can use a one-way function, also called a hash function, to protect the passwords.
A one way function is a function that is easy to compute in one direction, but the inverse is difficult or impossible to compute. ie it is difficult to find the input value given the output value.
The user passes your application a password and asks you to save it. You send the password through the hash function and get the mangled value back and store this in the database.
When they log in, you get the password they send, mangle it again, and compare that the two mangled versions of the passwords are the same. At no point do you give anyone access to the real (unhashed) password. It is also very difficult to find the original password given the hashed value.
MD5 is an example of a one-way hash function used in cryptography.
I'm looking for an intro page, but I'm having trouble finding one I like...
Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

There is an intro page here: http://www.15seconds.com/issue/000217.htm
Be aware that the sample code is for ASP not JSP. It looks close but is not quite what you are looking for.
Dave
senthil sen
Ranch Hand

Joined: Oct 10, 2002
Posts: 184
thanks for ur reply dave,i will work on this if u get any other information about this concept kindly forward it ..
Nealle
Greenhorn

Joined: Jun 18, 2002
Posts: 2
Depending which DB you use many support one way hashing in the insert statement. MySql is a good example.
Nealle
senthil sen
Ranch Hand

Joined: Oct 10, 2002
Posts: 184
hi,
well if we use hashtable and enter data into the database how to retrieve it from there..any method there for this??
Erik Pragt
Ranch Hand

Joined: Sep 08, 2001
Posts: 125
Well, yes.
Just do a SELECT
But, to provide a more useful answer, the idea is to do something like this:
Suppose, you have a function encrypt(String input), which creates an excrypted String for you.
Example:

Suppose the encryptedPassword is something like %@SF&HGEB&*)$M#*SND*@)! now, and that it's impossible to decrypt it. We save this String to the database in the 'saveToDatabase' method, and we are done.

Then, when a user tries to log in, use something like this:
Example

What we do here is to get the encrypted password from the database. Then, we get the password the user typed in (from a form, or swing, or something else). As we cannot decrypt it, we encrypt it and compare the encrypted input password against the encrypted password in the database. If the two encrypted password are the same, it is the same password, thus providing the user access to the system.

I hope this clears up any question you have, if it doesn't, let me/us know!
Erik Pragt
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: if i store a password data from jsp to the database how to hide it from others seeing