How to insert password in an encrypted form into a table

 
kimi lynn
Greenhorn
Posts: 27
I'm trying to insert user name and password into a table from a GUI. I'd like to insert the password in an encrypted way. How should I do that? I'm using MySQL as the database and I checked if it supports MD5 like select MD5("test"); from the mysql prompt. It returned me a 32 long hex number.
So, how should I modify the SQL statement? Is this a better approach or is there any other way which is more secure?
Many thanks for your time.
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt)
{
    setVisible(false);

    // Load the MySQL JDBC driver and open the connection.
    try {
        Class.forName("com.mysql.jdbc.Driver").newInstance();
        connection =
            DriverManager.getConnection("jdbc:mysql://localhost/accounts?user=root");
    } catch (Exception ex) {
        System.out.println("Exception" + ex);
        dispose();
        return; // no connection, so there is nothing to insert into
    }

    // Insert the user name and the password (still plain text at this point).
    // try-with-resources closes the statement even if the insert fails.
    try (PreparedStatement pstmt =
             connection.prepareStatement("insert into eit values(?,?)")) {
        pstmt.setString(1, jTextField1.getText());
        pstmt.setString(2, jTextField2.getText());
        pstmt.executeUpdate();
    } catch (Exception ex) {
        System.out.println(ex.toString());
    }

    dispose();
}
 
David O'Meara
Rancher
Posts: 13459
I'm not sure what your question is, but:
Yes, you should hash passwords before saving them in the database.
Yes, you should include a 'salt' in the value.
Check the threads here and here
Dave
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
Kimi, here is a class I wrote to MD5 a string.

It's static so all you have to do is

Then you can insert that String, hash, into your database. When you need to authenticate the user you just hash the password and compare it to what is already in the database. MD5 cannot, generally speaking, be un-hashed. It's a one-way encryption. If you need something more robust, definitely take a look at the links David suggested.
Also, MySQL has an MD5 function. I think you just do something like

Works great for entering encrypted values, but if you need to compare you would have to compare at the SQL level and not at your application level. Works both ways. I just prefer to do it at the Application level because if I ever moved to a different DB I know mine will still work.
[ February 03, 2004: Message edited by: Gregg Bolinger ]
 
kimi lynn
Greenhorn
Posts: 27
Thanks Gregg, that's helped me. Since this is only one-way encryption, what happens if the user forgets his password? We can't decrypt it, right?
In my case, I have 2 types of users, admin and the regular users. Admin has all privileges; he can create a new user, and if the normal user has forgotten the password, he should be able to issue a new password. What's the best way to generate a password for the user who lost his password? I'm thinking about random password generation. Is that possible?
All I'm doing is in Swing.
Thanks once again
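
An added example, not code from any poster in this thread: it puts together the advice above (hash with a per-user salt, verify at the application level by re-hashing) and the admin reset asked about in the last post (a random replacement password, of which only the hash is stored). It uses the JDK's PBKDF2 instead of the MD5 discussed in the thread; the class name, iteration count, password alphabet and column size are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not from the thread): salted password hashing plus admin reset.
public class PasswordStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 210_000;    // assumed work factor, tune for your hardware
    private static final String ALPHABET =            // assumed alphabet, look-alike characters left out
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    // Returns "salt:hash" (both Base64); this string is what goes into the password column.
    static String hash(char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);                           // fresh random salt for every user
        return Base64.getEncoder().encodeToString(salt) + ":"
             + Base64.getEncoder().encodeToString(derive(password, salt));
    }

    // Re-derives the hash with the stored salt and compares in constant time.
    static boolean verify(char[] password, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 2) return false;           // row is not in "salt:hash" form
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, derive(password, salt));
    }

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Admin reset: a random temporary password drawn from SecureRandom, never java.util.Random.
    static char[] randomPassword(int length) {
        char[] out = new char[length];
        for (int i = 0; i < length; i++) out[i] = ALPHABET.charAt(RNG.nextInt(ALPHABET.length()));
        return out;
    }

    public static void main(String[] args) throws Exception {
        char[] temp = randomPassword(14);              // constructed sample input
        String stored = hash(temp);                    // the value to bind as the second insert parameter
        System.out.println(stored.length() + " characters to store (fits an assumed VARCHAR(80))");
        System.out.println("correct password accepted: " + verify(temp, stored));
        System.out.println("wrong password accepted:   " + verify("guess".toCharArray(), stored));
    }
}
```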
 