• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

failing to get login right from servlet and midlet

 
Kenneth Owino
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi every one! I am failing to get login right. The code i have below is to input username and password from a midlet, send it to a servlet using post method, check the user name and password in the servlet with a mysql database and then send response to the midlet to either cahange to another displayable or to try again. the problem i get is that either my servlet code for checking username and password isn't correct and also maybe the servlet response is not sent to the midlet. I even think my method for sending response to the midlet is wrong but don't know a better way to do it. some one help please.
midlet code:


servlet code
 
Martijn Verburg
author
Bartender
Posts: 3275
5
Eclipse IDE Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Kenneth and welcome to Javaranch, what error message are you getting?
 
Lester Burnham
Rancher
Posts: 1337
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While I don't know what's going on, I see three security problems with the code:

1) Since the server doesn't sanitize the DB inputs, it's vulnerable to SQL injection attacks; you really should be using a PreparedStatement.

2) Don't send login information via GET; use POST instead. Using GET the password is stored in numerous places (like caches, access and log files, etc.) that really have no business recording such information.

3) Also, it seems that passwords are stored in the DB as plain text - another no-no. Stored passwords should be hashed (using an algorithm like SHA-2) so that they can't be retrieved.
 
Kenneth Owino
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi. thanks for the reply. there are no error messages i receive but the program fails to display an output as required. i tested it and found that the response from the servlet is not null but it seems it is in a format that cannot be understood by the midlet. could you please check my method of sending response and maybe the way the midlet handles the response and give me a correction or better code. i think my problem is around there but i cannot figure out what to do
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic