How to encrypt Database?

tangara goh
Ranch Hand

Joined: Dec 27, 2009
Posts: 125
I have created a login page, using a servlet for validation and JSP for display.

However, I would not want my passwords and userid to be "sniffed".

Hope to hear the experts' views on how to make sure data is secured in my MS Access. Do I need to write any code in my servlet to make it secure?

Any reference code or materials would be most useful.

Thank you.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41068
    
  43
Best practice is to store passwords as hashed (or digested) values; that way, nobody can get at them.

More generally, security is a multi-faceted process that needs to be considered in each part of the system; if you're asking how to make a system more secure in general, then the SecurityFaq points to many areas you may want to address.


Ping & DNS - my free Android networking tools app
Vinod Tiwari
Ranch Hand

Joined: Feb 06, 2008
Posts: 459
    
    1
You may encrypt the password and persist it in the database, and for user authentication encrypt the entered password again and compare it with the one in the database.


Vinod Tiwari | Twitter
Tim McGuire
Ranch Hand

Joined: Apr 30, 2003
Posts: 820

Here is pseudo code for what I used to hash the password before storage into the database:



MessageDigests are secure one-way hash functions that take arbitrary-sized data and output a fixed-length hash value.
Scott Selikoff
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3702
    
    5

Make encryption a one-way process. In other words, users enter passwords that get converted to encrypted values that *NEVER* get decrypted. This means that to verify login you compare the stored value against the encrypted value the user enters. This also means you never display or send the password to a user (which is actually a feature of this model, not a bug). If someone wants to log in as a user without knowing the password, the user's password has to be reset.


My Blog: Down Home Country Coding with Scott Selikoff
 