login Authentication

Vivek Saxena
Ranch Hand

Joined: Apr 24, 2002
Posts: 58
Hi,
I am new to Java technology but I am an experienced client/server programmer. I am developing my first web application using the Struts framework. I need to know a very basic concept.
What is the best and secure way to submit a HTML form with login and password?
How to store password (probably in encrypted form) in database?
What is the best and secured way to validate the login and password?
It may sound stupid but keep in mind that I am new to web applications. Please do help me.
Thanks in advance.
vivek
Carl Trusiak
Sheriff

Joined: Jun 13, 2000
Posts: 3340
vsaxena
JavaRanch has a Naming Policy. Please read it and change your display name to follow this requirement.
Vivek Saxena
Ranch Hand

Joined: Apr 24, 2002
Posts: 58
Hi,
Sorry for incorrect display name.
Please do help me to resolve my problem.
Thanks
Meera Chandrasekaran
Greenhorn

Joined: Jan 08, 2002
Posts: 10
I think the safest way to submit a login form with username and password is to use SSL.
You can see this on the websites of online banks.
You can choose some kind of encryption algo, with a secure key and store the password as encrypted text in database, just like any other plain-text field.
When the user submits the username and password, you can match it with a simple condition, say for example,
    if ( db_username = form_username &&
         db_password = encrypt(form_password) )
    then
        login success;
This is just an outline and you can improvise it to any level according to your application needs.
Hope this helps.
-meera
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60739
    
I'd highly recommend using both SSL and one-way encryption to store the password value.
By using one-way encryption you ensure that even if someone gains access to the database, the passwords are still secure. But that doesn't help much if passwords are transmitted from the client to the server as clear text -- that's where SSL comes in.
hth,
bear
[ April 24, 2002: Message edited by: Bear Bibeault ]

Vivek Saxena
Ranch Hand

Joined: Apr 24, 2002
Posts: 58
Hi,
I really appreciate both of you. Could you please give me some sort of direction where to look or some sort of example? That would be great for me.
Any other help would be appreciated.
thanks
Carl Trusiak
Sheriff

Joined: Jun 13, 2000
Posts: 3340
Originally posted by vivek_saxena:
HI,
Sorry for incorrect display name.
Please do help me to resolve my problem.
Thanks

Simple, just go to here and change it!
Vivek Saxena
Ranch Hand

Joined: Apr 24, 2002
Posts: 58
Carl,
I had already corrected my name. I need help to resolve my problem in Java.
Please someone help me.
Thanks
daryl olson
Ranch Hand

Joined: Aug 15, 2000
Posts: 36
Here's a good resource if you want to understand how security works in Servlets and JSPs.
Go to informit.com
then do a search for "Advanced JavaServer Pages Security" from the site Search (on the upper left side of the window).
This is a chapter from a book by David Geary.
This site has a lot of very good resources...
Daryl
Rashid Ali
Ranch Hand

Joined: Jan 16, 2001
Posts: 349
Dear vivek
If you want to control your login validation through SSL, then you can send me an email at raashed99@yahoo.com, I will send back to you the example source code of login client/server application which connects through using SSLSocket's classes described in Advance Java How to Program by Deitel and Deitel.
Or, you can simply go to their site and can download source code for Advanced Java™ 2 Platform How to Program.
Client/Server Login Authentication is described in their chp07 directory: http://www.deitel.com/books/downloads.html
Hope it suffices your requirement.
Kind regards
Rashid Ali
[ April 29, 2002: Message edited by: Rashid Ali ]
 