
login Authentication

 
Vivek Saxena
Ranch Hand
Posts: 58
Hi,
I am new to Java technology but I am an experienced client/server programmer. I am developing my first web application using the Struts framework. I need to know some very basic concepts.
What is the best and most secure way to submit an HTML form with login and password?
How to store the password (probably in encrypted form) in the database?
What is the best and most secure way to validate the login and password?
It may sound stupid, but keep in mind that I am new to web applications. Please do help me.
Thanks in advance.
vivek
 
Carl Trusiak
Sheriff
Posts: 3340
vsaxena
JavaRanch has a Naming Policy. Please read it and change your display name to follow this requirement.
 
Vivek Saxena
Ranch Hand
Posts: 58
Hi,
Sorry for the incorrect display name.
Please do help me to resolve my problem.
Thanks
 
Meera Chandrasekaran
Greenhorn
Posts: 10
I think the safest way to submit a login form with username and password is to use SSL.
You can see this on the websites of online banks.
You can choose some kind of encryption algo with a secure key, and store the password as encrypted text in the database, just like any other plain-text field.
When the user submits the username and password, you can match it with a simple condition, say for example,
// Compare values with equals(); == on Java strings compares references.
if (db_username.equals(form_username)
        && db_password.equals(encrypt(form_password))) {
    // login success
}
This is just an outline and you can improvise it to any level according to your application needs.
Hope this helps.
-meera
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64173
I'd highly recommend using both SSL and one-way encryption to store the password value.
By using one-way encryption you ensure that even if someone gains access to the database, the passwords are still secure. But that doesn't help much if passwords are transmitted from the client to the server as clear text -- that's where SSL comes in.
hth,
bear
[ April 24, 2002: Message edited by: Bear Bibeault ]
 
Vivek Saxena
Ranch Hand
Posts: 58
Hi,
I really appreciate both of you. Could you please give me some sort of direction where to look or some sort of example? That would be great for me.
Any other help would be appreciated.
thanks
 
Carl Trusiak
Sheriff
Posts: 3340
Originally posted by vivek_saxena:
Hi,
Sorry for the incorrect display name.
Please do help me to resolve my problem.
Thanks

Simple, just go here and change it!
 
Vivek Saxena
Ranch Hand
Posts: 58
Carl,
I had already corrected my name. I need help to resolve my problem in Java.
Please, someone help me.
Thanks
 
daryl olson
Ranch Hand
Posts: 36
Here's a good resource if you want to understand how security works in Servlets and JSPs.
Go to informit.com
then do a search for "Advanced JavaServer Pages Security" from the site Search (on the upper left side of the window).
This is a chapter from a book by David Geary.
This site has a lot of very good resources...
Daryl
 
Rashid Ali
Ranch Hand
Posts: 349
Dear Vivek,
If you want to control your login validation through SSL, then you can send me an email at raashed99@yahoo.com, and I will send you back the example source code of a login client/server application which connects using the SSLSocket classes described in Advanced Java How to Program by Deitel and Deitel.
Or, you can simply go to their site and download the source code for Advanced Java™ 2 Platform How to Program.
Client/Server Login Authentication is described in their chp07 directory: http://www.deitel.com/books/downloads.html
Hope it suffices your requirement.
Kind regards
Rashid Ali
[ April 29, 2002: Message edited by: Rashid Ali ]
 