Hi everyone! I am failing to get login right. The code I have below is to input a username and password from a MIDlet, send it to a servlet using the POST method, check the username and password in the servlet against a MySQL database and then send a response to the MIDlet to either change to another displayable or to try again. The problem I get is that either my servlet code for checking the username and password isn't correct, and also maybe the servlet response is not sent to the MIDlet. I even think my method for sending the response to the MIDlet is wrong but don't know a better way to do it. Someone help please.
While I don't know what's going on, I see three security problems with the code:
1) Since the server doesn't sanitize the DB inputs, it's vulnerable to SQL injection attacks; you really should be using a PreparedStatement.
2) Don't send login information via GET; use POST instead. Using GET the password is stored in numerous places (like caches, access and log files, etc.) that really have no business recording such information.
3) Also, it seems that passwords are stored in the DB as plain text - another no-no. Stored passwords should be hashed (using an algorithm like SHA-2) so that they can't be retrieved.
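As an added example (not code from the original post), here is how the servlet-side check behind points 1 and 3 could look: a PreparedStatement with a bound parameter instead of string concatenation, and a salted SHA-256 hash compared in constant time instead of a plaintext password. The DataSource, the users table layout (username, salt, and password_hash stored as the raw 32-byte digest of salt + password) and the single OK/FAIL response token are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class LoginServlet extends HttpServlet {
    // Assumed: the container injects this DataSource, or init() looks it up via JNDI.
    private DataSource dataSource;

    // Assumed schema: users(username VARCHAR, salt VARCHAR, password_hash BINARY(32))
    // where password_hash = SHA-256(salt + password).
    private static final String SQL =
        "SELECT salt, password_hash FROM users WHERE username = ?";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        boolean ok = user != null && pass != null && checkCredentials(user, pass);
        // One short plain-text token so the MIDlet can read the whole body and compare it.
        resp.setContentType("text/plain");
        resp.getWriter().print(ok ? "OK" : "FAIL");
    }

    boolean checkCredentials(String user, String pass) {
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, user); // bound parameter: user input is never spliced into SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false; // unknown user: same answer as a wrong password
                byte[] stored = rs.getBytes("password_hash");
                byte[] computed = MessageDigest.getInstance("SHA-256")
                        .digest((rs.getString("salt") + pass).getBytes(StandardCharsets.UTF_8));
                return MessageDigest.isEqual(stored, computed); // constant-time comparison
            }
        } catch (SQLException | NoSuchAlgorithmException e) {
            return false; // a DB or JCE failure is a failed login; log it in real code
        }
    }
}
```

The MIDlet side would send the two fields as a POST body with Content-Type application/x-www-form-urlencoded (point 2) and read the response body until end of stream, so that "OK" and "FAIL" arrive as complete tokens rather than partial reads.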
Hi. Thanks for the reply. There are no error messages I receive, but the program fails to display the output as required. I tested it and found that the response from the servlet is not null, but it seems it is in a format that cannot be understood by the MIDlet. Could you please check my method of sending the response, and maybe the way the MIDlet handles the response, and give me a correction or better code. I think my problem is around there but I cannot figure out what to do.