I am working on an Intranet (Financial Application) project where I need to encrypt user password and store it in database (in encrypted form). Please help me how best I could achieve this requirement with Java. Thanks in advance.
There are several ways to do this. The easiest way is to transform the password into a message digest and store the message digest in the database. The nice thing about this is that it is a one way transition. There is no way to take a message digest and get the original password back. So whenever you want to see if the user has specified a valid password, you take the password they entered, run it through the message digest, and compare that to the password in the database. Here is a piece of the code:

    import java.security.MessageDigest;

    // input is a byte[] containing the password entered by the user
    MessageDigest md = MessageDigest.getInstance("SHA");
    md.update(input);
    byte[] digest = md.digest();

digest now contains the message digest that you need to compare to the database. Good luck.
Look at using JCE (Java Cryptography Extension); it's a standard part of JDK 1.4 (javax.crypto), but it's an optional package in previous versions of the JDK; you can d/l them from Sun.
Basically, you want to run an encryption algorithm on the password, send it to the server, and have the server compare the encrypted password to the version of the encrypted password stored in your database. If they match, the user has entered the correct password. This is the method most Unix systems use to keep the passwords secure; they're never sent in the clear.
Yea, Tom's example is much easier than mine, so I'd go with that.