If I store password data from a JSP in the database, how do I hide it from others seeing the password in the database? I.e., when viewing my table they should not be able to look at my password. Should it be encrypted, or is there any method for this? Well, I am sure you guys have understood this question. This was asked to me in an interview.
If you need to store passwords in the database and they are only required for authentication, then you can use a one-way function, also called a hash function, to protect the passwords. A one-way function is a function that is easy to compute in one direction, but the inverse is difficult or impossible to compute, i.e. it is difficult to find the input value given the output value.

The user passes your application a password and asks you to save it. You send the password through the hash function and get the mangled value back and store this in the database. When they log in, you get the password they send, mangle it again, and compare that the two mangled versions of the passwords are the same. At no point do you give anyone access to the real (unhashed) password. It is also very difficult to find the original password given the hashed value.

MD5 is an example of a one-way hash function used in cryptography. I'm looking for an intro page, but I'm having trouble finding one I like...

Dave
Well, yes. Just do a SELECT. But, to provide a more useful answer, the idea is to do something like this: Suppose you have a function encrypt(String input), which creates an encrypted String for you. Example:
Suppose the encryptedPassword is something like %@SF&HGEB&*)$M#*SND*@)! now, and that it's impossible to decrypt it. We save this String to the database in the 'saveToDatabase' method, and we are done.
Then, when a user tries to log in, use something like this: Example
What we do here is to get the encrypted password from the database. Then, we get the password the user typed in (from a form, or Swing, or something else). As we cannot decrypt it, we encrypt it and compare the encrypted input password against the encrypted password in the database. If the two encrypted passwords are the same, it is the same password, thus providing the user access to the system.

I hope this clears up any question you have. If it doesn't, let me/us know!

Erik Pragt