Hi, I am new to Java technology but I am an experienced client/server programmer. I am developing my first web application using the Struts framework. I need to know a very basic concept. What is the best and most secure way to submit an HTML form with login and password? How do I store the password (probably in encrypted form) in the database? What is the best and most secure way to validate the login and password? It may sound stupid, but keep in mind that I am new to web applications. Please do help me. Thanks in advance. vivek
I think the safest way to submit a login form with username and password is to use SSL. You can see this on the websites of online banks. You can choose some kind of encryption algorithm with a secure key and store the password as encrypted text in the database, just like any other plain-text field. When the user submits the username and password, you can match it with a simple condition, for example: if ( db_username == form_username && db_password == encrypt(form_password) ) then login success. This is just an outline and you can improve it to any level according to your application's needs. Hope this helps. -meera
I'd highly recommend using both SSL and one-way encryption to store the password value. By using one-way encryption you ensure that even if someone gains access to the database, the passwords are still secure. But that doesn't help much if passwords are transmitted from the client to the server as clear text -- that's where SSL comes in. hth, bear [ April 24, 2002: Message edited by: Bear Bibeault ]
Here's a good resource if you want to understand how security works in Servlets and JSPs. Go to informit.com, then do a search for "Advanced JavaServer Pages Security" from the site search (on the upper left side of the window). This is a chapter from a book by David Geary. This site has a lot of very good resources... Daryl
Dear vivek, if you want to control your login validation through SSL, then you can send me an email at email@example.com and I will send back to you the example source code of a login client/server application which connects using the SSLSocket classes described in Advanced Java How to Program by Deitel and Deitel. Or, you can simply go to their site and download the source code for Advanced Java™ 2 Platform How to Program. Client/Server Login Authentication is described in their chp07 directory: http://www.deitel.com/books/downloads.html Hope it satisfies your requirement. Kind regards, Rashid Ali [ April 29, 2002: Message edited by: Rashid Ali ]