How to insert password in an encrypted form into a table

kimi lynn
Greenhorn

Joined: Jun 02, 2003
Posts: 27
I'm trying to insert user name and password into a table from a GUI. I'd like to insert the password in an encrypted way. How should I do that? I'm using MySQL as the database and I checked if it supports MD5, like select MD5("test"); from the mysql prompt. It returned me a 32 long hex number.
So, how should I modify the SQL statement? Is this a better approach or is there any other way which is more secure?
Many thanks for your time.
private void jButton1ActionPerformed(java.awt.event.ActionEvent evt)
{
    String str = jTextField1.getText();
    setVisible(false);

    try {
        Class.forName("com.mysql.jdbc.Driver").newInstance();
        connection =
            DriverManager.getConnection("jdbc:mysql://localhost/accounts?user=root");
    } catch (Exception ex) {
        System.out.println("Exception"+ex);
    }

    PreparedStatement pstmt;
    ResultSet rset;
    try {

        pstmt = connection.prepareStatement("insert into eit values(?,?)");
        pstmt.setString(1,jTextField1.getText());
        pstmt.setString(2, jTextField2.getText());
        pstmt.executeUpdate();

    } catch (Exception ex) {
        System.out.println(ex.toString());
    }


    dispose();
}
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'm not sure what your question is, but:
Yes, you should hash passwords before saving them in the database.
Yes, you should include a 'salt' in the value.
Check the threads here and here
Dave
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299

Kimi, here is a class I wrote to MD5 a string.

It's static so all you have to do is

Then you can insert that String, hash, into your database. When you need to authenticate the user you just hash the password and compare it to what is already in the database. MD5 cannot, generally speaking, be un-hashed. It's a one-way encryption. If you need something more robust, definitely take a look at the links David suggested.
Also, MySQL has an MD5 function. I think you just do something like

Works great for entering encrypted values, but if you need to compare you would have to compare at the SQL level and not at your application level. Works both ways. I just prefer to do it at the Application level because if I ever moved to a different DB I know mine will still work.
[ February 03, 2004: Message edited by: Gregg Bolinger ]

GenRocket - Experts at Building Test Data
kimi lynn
Greenhorn

Joined: Jun 02, 2003
Posts: 27
Thanks Gregg, that's helped me. Since this is only one-way encryption, what happens if the user forgets his password? We can't decrypt it, right?
In my case, I have 2 types of users, admin and the regular users. Admin has all privileges, he can create a new user and if the normal user has forgotten the password, he should be able to issue a new password. What's the best way to generate a password for the user who lost his password? I'm thinking about random password generation. Is that possible?
I am doing all of this in Swing.
Thanks once again
 
 