Username and Passwords

Leyla Nazari
Greenhorn

Joined: Feb 27, 2006
Posts: 3
I am writing an application that requires user registration and the login details will be saved in a database (MySQL).
In a real-world example, where is the username kept in the DB? I.e., is it best to use the existing user table provided by MySQL, or do I need to create a new table and store the usernames in there?
Is the predefined user table from MySQL reserved for admin users?
Also the password. How and what is the best way of storing passwords to the database?
Are there any books which show "real-world" examples of such a thing?
Please help as this is the first time I'm doing this thing and I have no idea!!??
stu derby
Ranch Hand

Joined: Dec 15, 2005
Posts: 333
The usernames and passwords you propose storing are from a database perspective merely application data; you don't want to create a database account for each user, you want to create a single database account for your application, and store application data (such as application username and password) using the one account, which you use to get your database connections.
Roger Chung-Wee
Ranch Hand

Joined: Sep 29, 2002
Posts: 1683
In the real world, authentication data is sometimes held in an external LDAP store, such as OpenLDAP, Active Directory, Novell or NDS, in order to validate user credentials based on a username-password combination or a digital certificate.

I've also worked on enterprise apps where we used WebLogic Server's embedded LDAP server to persist all of its information about users, groups, policies, roles and user credentials.


SCJP 1.4, SCWCD 1.3, SCBCD 1.3
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30537

Leyla,
Welcome to JavaRanch!

For a simpler app, the database makes sense to store passwords. For an enterprise level one, you would want LDAP.

If you are storing passwords in the database, make sure to encrypt them. Most databases support that.


Leyla Nazari
Greenhorn

Joined: Feb 27, 2006
Posts: 3
Many thanks for all your answers.

So, I create a username and password for the application and only use that to connect to the database, and then just have the usernames and passwords for users as normal application data. Of course the password will be encrypted. Then the verification will be done by comparing the actual inputs against what is stored in the database, when the application is already logged in to the database. OK, I think I understood this part.
But what about the LDAP? How does this work?
Are there any examples that specifically illustrate this procedure? I've tried searching the net, but so far haven't been satisfied with my findings.

Any links or explanations will be greatly appreciated!
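
The database approach described in the posts above (one application account, users kept as application data, login by checking the input against the stored value), as an added example that is not part of the original thread. It stores a salted PBKDF2 hash rather than a reversibly encrypted password; the `app_user` table, its columns, the iteration count and the in-memory map standing in for the table are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class PasswordStore {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    // Stand-in for a hypothetical table app_user(username PRIMARY KEY, password_hash).
    private final Map<String, String> appUser = new HashMap<>();
    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Returns "iterations:salt:hash"; this one string is what the password_hash column holds.
    static String hash(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        Base64.Encoder b64 = Base64.getEncoder();
        return ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(password, salt, ITERATIONS));
    }

    static boolean verify(char[] attempt, String stored) throws Exception {
        String[] p = stored.split(":");
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] actual = pbkdf2(attempt, b64.decode(p[1]), Integer.parseInt(p[0]));
        return MessageDigest.isEqual(b64.decode(p[2]), actual); // constant-time comparison
    }

    void register(String user, char[] password) throws Exception {
        // With JDBC: PreparedStatement "INSERT INTO app_user (username, password_hash) VALUES (?, ?)"
        appUser.put(user, hash(password));
    }
    boolean login(String user, char[] attempt) throws Exception {
        // With JDBC: PreparedStatement "SELECT password_hash FROM app_user WHERE username = ?"
        String stored = appUser.get(user);
        return stored != null && verify(attempt, stored);
    }

    public static void main(String[] args) throws Exception {
        PasswordStore store = new PasswordStore();
        store.register("alice", "correct horse".toCharArray()); // constructed sample credentials
        System.out.println(store.login("alice", "correct horse".toCharArray()));
        System.out.println(store.login("alice", "wrong guess".toCharArray()));
    }
}
```

Because the iteration count and salt travel inside the stored string, the work factor can be raised later without invalidating existing rows.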
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570

My opinion: forget about LDAP for now and go with the database solution.

Background: I just finished a project converting our LDAP directory for user information into an SQL database. The people who designed the system put the user information into an LDAP for whatever reasons they had; but then we wanted other information in there, such as their customer number and what applications they had access to and so on. Everything in the directory was a string, so it was easy to input invalid data. The tools for maintaining the information were user-unfriendly. To ask questions like "How many users do we have from chain X" required learning a new query language, about which it's hard to find any information, and we're already overloaded with learning new languages and new versions of old languages. It was just dysfunctional.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30537

Leyla,
LDAP is a tree-based directory store for user information. It is almost always backed by a database. If you want to try out LDAP, take a look at OpenLDAP.

LDAP is good for what it does - store user information. Once you get in the business of storing too much other data in there, it causes the problems Paul mentioned.
 